homelab/traefik
1
0
Fork 0
Code Activity

Drop untrusted X-Forwarded-Prefix header

Browse source 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
This commit is contained in:
Romain 2024-11-08 12:12:35 +01:00 committed by GitHub
parent 6f18344c56
commit 2096fd7081
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 31 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/middlewares/forwardedheaders/forwarded_header.go
View file

@ -20,6 +20,7 @@ const (
xForwardedServer = "X-Forwarded-Server"
xForwardedURI = "X-Forwarded-Uri"
xForwardedMethod = "X-Forwarded-Method"
xForwardedPrefix = "X-Forwarded-Prefix"
xForwardedTLSClientCert = "X-Forwarded-Tls-Client-Cert"
xForwardedTLSClientCertInfo = "X-Forwarded-Tls-Client-Cert-Info"
xRealIP = "X-Real-Ip"
@ -35,6 +36,7 @@ var xHeaders = []string{
xForwardedServer,
xForwardedURI,
xForwardedMethod,
xForwardedPrefix,
xForwardedTLSClientCert,
xForwardedTLSClientCertInfo,
xRealIP,