Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add trusted_proxies option #494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 task done
Jeidnx opened this issue Nov 2, 2024 · 1 comment · Fixed by #495
Closed
1 task done

Add trusted_proxies option #494

Jeidnx opened this issue Nov 2, 2024 · 1 comment · Fixed by #495
Assignees
@Jeidnx
Labels
enhancement New feature or request v2 v2 release
Milestone
v2.34.0

Comments

@Jeidnx
Copy link
Contributor

Jeidnx commented Nov 2, 2024

Search for duplicate feature request

  • I already searched, and this feature request or improvement is not a duplicate.

Feature scope

Configuration (e.g. TOML) or CLI/env option

Feature request related to a problem

The log_remote_address option currently always logs the contents of the X-Forwarded-For header. This is problematic when static-web-server is used without a trusted proxy in front, because a client could send this header and "poison" the log. More details can be found in this MDN document.

Describe the solution you'd like

I would like a trusted_proxies option which would allow specifying from which IP addresses the X-Forwarded-For header is allowed to be read. I have actually already implemented this in 4cfa569.

Describe alternatives you've considered

An alternative would be to have a boolean trust_x_forwarded, which toggles the option for all IPs. This is not as fine grained though.

Build target

All targets

Additional context

My original Plan was to just submit a draft PR with the changes i made. Before doing that i looked for a Contributing.md file. When opening the PR i was a bit surprised to see the policy that PRs will only be accepted with a related issue, so it would be awesome if a contributing.md file is created :)
@Jeidnx Jeidnx added enhancement New feature or request help wanted Extra attention is needed v2 v2 release labels Nov 2, 2024
@joseluisq
Copy link
Collaborator

The idea sounds fine to me. Feel free to open a draft.

Yes, we need a CONTRIBUTING.md file. I will create one.

@Jeidnx Jeidnx mentioned this issue Nov 2, 2024
Merged
@joseluisq joseluisq removed the help wanted Extra attention is needed label Nov 3, 2024
@joseluisq joseluisq added this to the v2.34.0 milestone Nov 11, 2024
@dctaf dctaf mentioned this issue Jan 31, 2025
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Jeidnx Jeidnx

Labels
enhancement New feature or request v2 v2 release
Projects
None yet
Milestone
v2.34.0
Development

Successfully merging a pull request may close this issue.

Improve X-Forwarded-For handling Jeidnx/static-web-server
2 participants
@joseluisq @Jeidnx