EffectiveHost returns the host Coder should trust for request handling. It uses X-Forwarded-Host only when the immediate peer is a configured trusted proxy. Otherwise it uses the received Host header.
(config *RealIPConfig, r *http.Request)
| 109 | // It uses X-Forwarded-Host only when the immediate peer is a configured |
| 110 | // trusted proxy. Otherwise it uses the received Host header. |
| 111 | func EffectiveHost(config *RealIPConfig, r *http.Request) string { |
| 112 | if config == nil { |
| 113 | config = &RealIPConfig{ |
| 114 | TrustedOrigins: nil, |
| 115 | TrustedHeaders: nil, |
| 116 | } |
| 117 | } |
| 118 | |
| 119 | // When ExtractRealIP has run, r.RemoteAddr may hold the forwarded |
| 120 | // client IP, and we should use the original socket peer for proxy |
| 121 | // trust decisions. |
| 122 | remoteAddr := r.RemoteAddr |
| 123 | state := RealIP(r.Context()) |
| 124 | if state != nil && state.OriginalRemoteAddr != "" { |
| 125 | remoteAddr = state.OriginalRemoteAddr |
| 126 | } |
| 127 | |
| 128 | if isContainedIn(config.TrustedOrigins, getRemoteAddress(remoteAddr)) { |
| 129 | if host := r.Header.Get(httpapi.XForwardedHostHeader); host != "" { |
| 130 | return host |
| 131 | } |
| 132 | } |
| 133 | |
| 134 | return r.Host |
| 135 | } |
| 136 | |
| 137 | // EnsureXForwardedForHeader ensures that the request has an X-Forwarded-For |
| 138 | // header. It uses the following logic: |