gosmee
gosmee copied to clipboard
X-Forwarded-For header is incorrect
X-Forwarded-For header is added to the outgoing request as expected, but it includes the port number, for example:
X-Forwarded-For: 127.0.0.1:1234
This is incorrect according to the specification: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
and since this header is critical for security and spoofing many endpoints reject any invalid x-forwarded-for header in the request with "400 bad request" as expected.