FilterUntrustedOriginHeaders removes all known proxy headers from the request for untrusted origins, and ensures that only one copy of each proxy header is set.
(config *RealIPConfig, req *http.Request)
| 83 | // request for untrusted origins, and ensures that only one copy |
| 84 | // of each proxy header is set. |
| 85 | func FilterUntrustedOriginHeaders(config *RealIPConfig, req *http.Request) { |
| 86 | if config == nil { |
| 87 | config = &RealIPConfig{ |
| 88 | TrustedOrigins: nil, |
| 89 | TrustedHeaders: nil, |
| 90 | } |
| 91 | } |
| 92 | |
| 93 | cf := isContainedIn(config.TrustedOrigins, getRemoteAddress(req.RemoteAddr)) |
| 94 | if !cf { |
| 95 | // Address is not valid or the origin is not trusted; clear |
| 96 | // all known proxy headers and return |
| 97 | for _, header := range config.TrustedHeaders { |
| 98 | req.Header.Del(header) |
| 99 | } |
| 100 | return |
| 101 | } |
| 102 | |
| 103 | for _, header := range config.TrustedHeaders { |
| 104 | req.Header.Set(header, req.Header.Get(header)) |
| 105 | } |
| 106 | } |
| 107 | |
| 108 | // EffectiveHost returns the host Coder should trust for request handling. |
| 109 | // It uses X-Forwarded-Host only when the immediate peer is a configured |