Proactively reject URLs without target address

rstoyanchev · rstoyanchev · commit 147368eccca6 · 2017-07-19T12:37:32.000+02:00
Issue: SPR-15782
diff --git a/spring-web/src/main/java/org/springframework/http/client/reactive/ReactorClientHttpConnector.java b/spring-web/src/main/java/org/springframework/http/client/reactive/ReactorClientHttpConnector.java
@@ -68,6 +68,10 @@ public ReactorClientHttpConnector(Consumer<? super HttpClientOptions.Builder> cl
 	public Mono<ClientHttpResponse> connect(HttpMethod method, URI uri,
 			Function<? super ClientHttpRequest, Mono<Void>> requestCallback) {
 
+		if (!uri.isAbsolute()) {
+			return Mono.error(new IllegalArgumentException("URI is not absolute: " + uri));
+		}
+
 		return this.httpClient
 				.request(adaptHttpMethod(method),
 						uri.toString(),
diff --git a/spring-webflux/src/test/java/org/springframework/web/reactive/function/client/WebClientIntegrationTests.java b/spring-webflux/src/test/java/org/springframework/web/reactive/function/client/WebClientIntegrationTests.java
@@ -568,6 +568,16 @@ public void exchangeNoContent() throws Exception  {
 		}).verifyComplete();
 	}
 
+	@Test // SPR-15782
+	public void absoluteUri() throws Exception {
+		String uri = "/api/v4/groups/1";
+		Mono<ClientResponse> responseMono = WebClient.builder().build().get().uri(uri).exchange();
+
+		StepVerifier.create(responseMono)
+				.expectErrorMessage("URI is not absolute: " + uri)
+				.verify(Duration.ofSeconds(5));
+	}
+
 
 	@SuppressWarnings("serial")
 	private static class MyException extends RuntimeException {
