gosmee icon indicating copy to clipboard operation
gosmee copied to clipboard

Published 20 hours ago verified publisher icon chmouel

X-Forwarded-For header is incorrect

Open kristjanbjarni opened this issue 5 months ago • 1 comments

X-Forwarded-For header is added to the outgoing request as expected, but it includes the port number, for example:

X-Forwarded-For: 127.0.0.1:1234

This is incorrect according to the specification: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For

and since this header is critical for security and spoofing many endpoints reject any invalid x-forwarded-for header in the request with "400 bad request" as expected.

kristjanbjarni avatar Jan 12 '24 19:01 kristjanbjarni