Description
There's no universal standard for what the proxy headers mean or what order IP addresses are in. Having an open source package that makes it look like you can "just add" support for detecting the IP of the client correctly is misleading.
You can learn more about the topic here: https://adam-p.ca/blog/2022/03/x-forwarded-for/
It's also dangerous because the particular configuration that I found this used in was incorrectly taking a client-controlled header as the "real" IP.
IMO the most correct thing to do is to either split the handler into 10 or so for different proxy configurations or just delete it entirely because it's much easier for the user to look up what their proxy is doing and write the 5 lines of code needed to parse the end user's IP address.
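An added example, not part of the original issue or of the package it discusses: what the per-deployment parsing can look like when your own proxies append to `X-Forwarded-For`, next to the leftmost-entry mistake described above. The function names and the trusted proxy networks are assumptions made up for illustration.

```python
import ipaddress

# Assumption: networks of the reverse proxies you operate (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def _split_hops(xff_values):
    # Several X-Forwarded-For headers may arrive; combine them in received order.
    return [h.strip() for h in ",".join(xff_values).split(",") if h.strip()]


def _is_trusted(ip, trusted):
    return any(ip in net for net in trusted)


def naive_leftmost(xff_values):
    """The mistake: the leftmost entry is whatever the client chose to send."""
    hops = _split_hops(xff_values)
    return hops[0] if hops else None


def client_ip(remote_addr, xff_values, trusted=TRUSTED_PROXIES):
    """Walk right to left, believing an entry only if a trusted hop wrote it."""
    current = ipaddress.ip_address(remote_addr)  # TCP peer, not a header
    for hop in reversed(_split_hops(xff_values)):
        # The entry to the left was appended by `current`; stop at the
        # first hop that is not one of our own proxies.
        if not _is_trusted(current, trusted):
            break
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
    return str(current)


if __name__ == "__main__":
    # Constructed request: the client sent "203.0.113.7" itself, the edge proxy
    # 10.0.0.9 appended the real peer, and 10.0.0.5 appended the edge proxy.
    headers = ["203.0.113.7, 198.51.100.23", "10.0.0.9"]
    print("naive:", naive_leftmost(headers))
    print("rightmost-untrusted:", client_ip("10.0.0.5", headers))
```

If the request did not arrive through a trusted proxy at all, the header is ignored and the TCP peer address is returned.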