MCPcopy Index your code
hub / github.com/coder/coder / FilterUntrustedOriginHeaders

Function FilterUntrustedOriginHeaders

coderd/httpmw/realip.go:85–106  ·  view source on GitHub ↗

FilterUntrustedOriginHeaders removes all known proxy headers from the request for untrusted origins, and ensures that only one copy of each proxy header is set.

(config *RealIPConfig, req *http.Request)

Source from the content-addressed store, hash-verified

83// request for untrusted origins, and ensures that only one copy
84// of each proxy header is set.
85func FilterUntrustedOriginHeaders(config *RealIPConfig, req *http.Request) {
86 if config == nil {
87 config = &RealIPConfig{
88 TrustedOrigins: nil,
89 TrustedHeaders: nil,
90 }
91 }
92
93 cf := isContainedIn(config.TrustedOrigins, getRemoteAddress(req.RemoteAddr))
94 if !cf {
95 // Address is not valid or the origin is not trusted; clear
96 // all known proxy headers and return
97 for _, header := range config.TrustedHeaders {
98 req.Header.Del(header)
99 }
100 return
101 }
102
103 for _, header := range config.TrustedHeaders {
104 req.Header.Set(header, req.Header.Get(header))
105 }
106}
107
108// EffectiveHost returns the host Coder should trust for request handling.
109// It uses X-Forwarded-Host only when the immediate peer is a configured

Callers 3

TestFilterUntrustedFunction · 0.92
TestApplicationProxyFunction · 0.92
proxyWorkspaceAppMethod · 0.92

Calls 4

isContainedInFunction · 0.85
getRemoteAddressFunction · 0.85
SetMethod · 0.65
GetMethod · 0.65

Tested by 2

TestFilterUntrustedFunction · 0.74
TestApplicationProxyFunction · 0.74