Support X-Forwarded-Host with multiple hosts

Closes #6215.
pull/6216/head
Asher 2023-05-17 11:51:05 -08:00
parent 6745a46034
commit b3b971480f
No known key found for this signature in database
GPG Key ID: D63C1EF81242354A
2 changed files with 7 additions and 2 deletions

View File

@ -386,10 +386,14 @@ function getHost(req: express.Request): string | undefined {
}
}
// Honor X-Forwarded-Host if present.
// Honor X-Forwarded-Host if present. Some reverse proxies will set multiple
// comma-separated hosts.
const xHost = getFirstHeader(req, "x-forwarded-host")
if (xHost) {
return xHost.trim().toLowerCase()
const firstXHost = xHost.split(",")[0]
if (firstXHost) {
return firstXHost.trim().toLowerCase()
}
}
const host = getFirstHeader(req, "host")

View File

@ -58,6 +58,7 @@ describe("http", () => {
;[
["host", test.host],
["x-forwarded-host", test.host],
["x-forwarded-host", `${test.host}, ${test.host}`],
["forwarded", `for=127.0.0.1, host=${test.host}, proto=http`],
["forwarded", `for=127.0.0.1;proto=http;host=${test.host}`],
["forwarded", `proto=http;host=${test.host}, for=127.0.0.1`],