
feat(ingest): add configurable TRUSTED_IP_HEADERS for proxy support

Open VolanDeVovan opened this issue 1 month ago • 2 comments

When running Jitsu behind Cloudflare, the service couldn't get the real client IP because Cloudflare uses the CF-Connecting-IP header instead of the standard X-Real-Ip or X-Forwarded-For.

This PR adds a TRUSTED_IP_HEADERS environment variable that lets you configure which headers to check for client IP, in priority order.

Why a configurable list instead of just adding Cloudflare support?

In real deployments, you might have mixed scenarios:

  • Frontend behind Cloudflare sending browser events
  • Backend services (e.g., Next.js server) sending server-side events through different proxies
  • Custom proxy setups with their own headers

A simple "enable Cloudflare" flag wouldn't work here. The configurable header list gives flexibility for any proxy setup.

VolanDeVovan, Nov 26 '25 19:11
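As an added illustration of the priority-ordered lookup described in the PR text above (not code from the PR or from Jitsu), the sketch below resolves a client IP from a configured header list. The comma-separated syntax, the function names `parseTrustedHeaders` and `clientIP`, and the choice of the first entry in a multi-value header are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// parseTrustedHeaders turns a TRUSTED_IP_HEADERS-style value into an ordered
// list. The comma-separated syntax is an assumption, not taken from the PR.
func parseTrustedHeaders(v string) []string {
	var out []string
	for _, name := range strings.Split(v, ",") {
		if name = strings.TrimSpace(name); name != "" {
			out = append(out, name)
		}
	}
	return out
}

// clientIP walks the headers in priority order and returns the first value
// that parses as an IP address, falling back to the TCP peer address.
// Only list headers that the fronting proxy overwrites on every request.
func clientIP(h http.Header, remoteAddr string, trusted []string) string {
	for _, name := range trusted {
		// Multi-value headers such as X-Forwarded-For: use the first entry
		// (an assumption; clients can prepend entries to that header).
		first, _, _ := strings.Cut(h.Get(name), ",")
		if addr, err := netip.ParseAddr(strings.TrimSpace(first)); err == nil {
			return addr.Unmap().String()
		}
	}
	if ap, err := netip.ParseAddrPort(remoteAddr); err == nil {
		return ap.Addr().Unmap().String()
	}
	return remoteAddr
}

func main() {
	trusted := parseTrustedHeaders("CF-Connecting-IP, X-Real-Ip, X-Forwarded-For")
	// Constructed sample request headers (documentation address ranges).
	h := http.Header{}
	h.Set("CF-Connecting-IP", "203.0.113.7")
	h.Set("X-Forwarded-For", "198.51.100.9, 192.0.2.1")
	fmt.Println(clientIP(h, "192.0.2.1:44312", trusted))
}
```

A header value that does not parse as an IP address is skipped, so a malformed higher-priority header falls through to the next one instead of being recorded as the client address.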

From the design standpoint, LGTM. @absorbb would you please take a look?

vklimontovich, Nov 26 '25 21:11

@VolanDeVovan Just curious: Cloudflare by default should add the X-Forwarded-For header along with CF-Connecting-IP: https://developers.cloudflare.com/fundamentals/reference/http-headers/#x-forwarded-for

Could you please make sure that there is no Managed Transform rule that removes the X-Forwarded-For header?

absorbb, Nov 27 '25 06:11