Support X-Forwarded-Host with multiple hosts

Closes #6215.
This commit is contained in:
Asher 2023-05-17 11:51:05 -08:00
parent 6745a46034
commit b3b971480f
No known key found for this signature in database
GPG Key ID: D63C1EF81242354A
2 changed files with 7 additions and 2 deletions

View File

@ -386,10 +386,14 @@ function getHost(req: express.Request): string | undefined {
} }
} }
// Honor X-Forwarded-Host if present. // Honor X-Forwarded-Host if present. Some reverse proxies will set multiple
// comma-separated hosts.
const xHost = getFirstHeader(req, "x-forwarded-host") const xHost = getFirstHeader(req, "x-forwarded-host")
if (xHost) { if (xHost) {
return xHost.trim().toLowerCase() const firstXHost = xHost.split(",")[0]
if (firstXHost) {
return firstXHost.trim().toLowerCase()
}
} }
const host = getFirstHeader(req, "host") const host = getFirstHeader(req, "host")

View File

@ -58,6 +58,7 @@ describe("http", () => {
;[ ;[
["host", test.host], ["host", test.host],
["x-forwarded-host", test.host], ["x-forwarded-host", test.host],
["x-forwarded-host", `${test.host}, ${test.host}`],
["forwarded", `for=127.0.0.1, host=${test.host}, proto=http`], ["forwarded", `for=127.0.0.1, host=${test.host}, proto=http`],
["forwarded", `for=127.0.0.1;proto=http;host=${test.host}`], ["forwarded", `for=127.0.0.1;proto=http;host=${test.host}`],
["forwarded", `proto=http;host=${test.host}, for=127.0.0.1`], ["forwarded", `proto=http;host=${test.host}, for=127.0.0.1`],