Trust X-Forwarded-For from 127.0.0.1

2013-09-10 16:11:35 -05:00 · 2013-09-10 16:11:35 -05:00 · 2a30d30d0a
parent 83ea83429e
commit 2a30d30d0a
3 changed files with 7 additions and 3 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
 Tue Sep 10 16:10 2013 CDT
    * lib/server.js, lib/api.js: Implicitly trust X-Forwarded-For when the
      source ip is 127.0.0.1
 Tue Sep 10 14:09 2013 CDT
    * lib/config.js, lib/server.js: Add a config key for the passphrase
      to the ssl key.
--- a/lib/api.js
+++ b/lib/api.js
@ -19,7 +19,7 @@ module.exports = function (Server) {
    function getIP(req) {
        var raw = req.connection.remoteAddress;
        var forward = req.header("x-forwarded-for");
-        if(Server.cfg["trust-x-forward"] && forward) {
+        if((Server.cfg["trust-x-forward"] || raw === "127.0.0.1") && forward) {
            var ip = forward.split(",")[0];
            Logger.syslog.log("REVPROXY " + raw + " => " + ip);
            return ip;
--- a/lib/server.js
+++ b/lib/server.js
@ -13,7 +13,7 @@ const VERSION = "2.4.2";
 function getIP(req) {
    var raw = req.connection.remoteAddress;
    var forward = req.header("x-forwarded-for");
-    if(Server.cfg["trust-x-forward"] && forward) {
+    if((Server.cfg["trust-x-forward"] || raw === "127.0.0.1") && forward) {
        var ip = forward.split(",")[0];
        Logger.syslog.log("REVPROXY " + raw + " => " + ip);
        return ip;
@ -23,7 +23,7 @@ function getIP(req) {
 function getSocketIP(socket) {
    var raw = socket.handshake.address.address;
-    if(Server.cfg["trust-x-forward"]) {
+    if(Server.cfg["trust-x-forward"] || raw === "127.0.0.1") {
        if(typeof socket.handshake.headers["x-forwarded-for"] == "string") {
            var ip = socket.handshake.headers["x-forwarded-for"]
                .split(",")[0];