dev mode ignoring `X-Forwarded-Proto` and `X-Forwarded-Host` headers

Open teemingc opened this issue 1 year ago • 4 comments

Discussed in https://github.com/sveltejs/kit/discussions/11900

Originally posted by yannishin, February 26, 2024

I expected the return from the Hook to be event.url.host=ui.foo.com, event.url.protocol=https:, but it is returning event.url.host=ui_server/ui, event.url.protocol=http:.

How should I solve this issue?

Given that event.request.headers.get("X-Forwarded-Host") and event.request.headers.get("X-Forwarded-Proto") are returning null, it seems that the node server (adapter-node) is not recognizing the X-Forwarded-??? headers.

For reference, the API Server developed with spring boot is correctly returning ui.foo.com, https:.

This is the Nginx config:

```nginx
upstream ui_server {
    ip_hash;
    server ui.foo.com:17001;
    keepalive 100;
}

location /ui {
    proxy_pass  http://ui_server/ui;

    proxy_http_version 1.1;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Headers the app is expected to read for the public scheme and host
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for; host=$host; proto=$scheme";

    charset utf-8;

    access_log /opt/naon/app/nginx/logs/ui-access.log postdata;
}
```

teemingc, Feb 26 '24 14:02

@yannishin Are the appropriate environment variables set at runtime in the built application? https://kit.svelte.dev/docs/adapter-node#environment-variables-origin-protocolheader-hostheader-and-port-header

Conduitry, Feb 26 '24 15:02
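
The runtime variables asked about above are what make a built app trust the proxy's headers at all. As an added illustration (not adapter-node's source and not part of the thread), this sketch shows opt-in origin resolution with basic validation; `resolveOrigin`, `firstValue`, the validation rules and the sample headers are assumptions, while `ORIGIN`, `PROTOCOL_HEADER` and `HOST_HEADER` are the variables named in the linked docs.

```javascript
// Added illustration, not adapter-node source. Forwarded headers are only
// honoured when the operator opts in through PROTOCOL_HEADER / HOST_HEADER.
function firstValue(value) {
  // Proxies may append to a forwarded header; use the first list element.
  return value ? String(value).split(',')[0].trim() : '';
}

function resolveOrigin(headers, env = {}) {
  // A fixed ORIGIN wins and ignores request headers entirely.
  if (env.ORIGIN) return new URL(env.ORIGIN).origin;

  // Node lower-cases incoming header names, so look them up lower-cased.
  const protoName = (env.PROTOCOL_HEADER || '').toLowerCase();
  const hostName = (env.HOST_HEADER || 'host').toLowerCase();

  // Assumed defaults for this sketch: https, and the plain Host header.
  const protocol = (protoName && firstValue(headers[protoName])) || 'https';
  const host = firstValue(headers[hostName]);

  if (protocol !== 'http' && protocol !== 'https') {
    throw new Error(`unexpected protocol: ${protocol}`);
  }
  // Reject hosts carrying path, userinfo or whitespace characters.
  // IPv6 literals are not handled in this sketch.
  if (!/^[A-Za-z0-9.-]+(:\d{1,5})?$/.test(host)) {
    throw new Error(`unexpected host: ${host}`);
  }
  return `${protocol}://${host}`;
}

// Constructed request headers, shaped like what an nginx proxy such as the
// one in the original post would forward to the app.
const sampleHeaders = {
  host: '127.0.0.1:17001',
  'x-forwarded-proto': 'https',
  'x-forwarded-host': 'ui.foo.com',
};
```

Without the opt-in variables the forwarded headers are ignored, so a client that reaches the app directly cannot choose the origin the app believes it is served from.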

@Conduitry https://kit.svelte.dev/docs/adapter-node#environment-variables-origin-protocolheader-hostheader-and-port-header

The description in the link above seems to apply to the settings when building, and I want it to apply in dev mode.

yannishin, Feb 26 '24 23:02

Ah, okay, if it's in dev mode, then you're not actually running any adapter-node code.

What you're asking to do isn't currently supported. We could either add SvelteKit-level configuration for controlling this at dev time only (which feels a bit weird to me), or we could roll this into work to let adapters influence the dev-time behavior of apps (which feels like the better solution, but will take longer to settle on an API - #2304 / #3535).

Conduitry, Feb 26 '24 23:02

Because of this, development with Cloudflare tunnel + SvelteKit is harder :(

rskvazh, Aug 20 '24 10:08

Any progress on this? It's like a simple feature.

takeseem, Sep 06 '25 06:09