Go: Use X-Forwarded headers for users that are running services behind a proxy/reverse proxy. #1935
Open
woodybriggs wants to merge 2 commits into x402-foundation:main from
Author
looks like this might be a problem in other language packages too
Description
When running servers in trusted environments such as Kubernetes, or if just sitting behind a reverse proxy like Traefik or nginx, the scheme of the resourceURL is incorrectly being set to http. This is due to the adapters looking specifically for a TLS connection state in the request object coming from the http lib/framework.
This PR aims to resolve this by using standard proxy X-Forwarded headers.
It should be said that the adapters assume that the X-Forwarded headers can be trusted. It may be wise to add to documentation that if the app is behind a proxy of some sort it will use X-Forwarded headers, and you should make sure that you are only allowing trusted proxies to hit your server.
Tests
Tests added to ensure that https is handled correctly: if no TLS connection is present, the X-Forwarded headers can be used.
Checklist
I have formatted and linted my code
All new and existing tests pass
My commits are signed (required for merge) -- you may need to rebase if you initially pushed unsigned commits
I added a changelog fragment for user-facing changes (docs-only changes can skip)
Go: use X-Forwarded headers (if present) when constructing URL for payment-required header.
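One way to enforce the trust caveat from the description at the application layer, as an added example that is not code from this PR or the x402 project: `X-Forwarded-Proto` is honored only when the TCP peer is on a proxy allowlist. The names `resourceURL`, `fromTrustedProxy` and `sample`, the `10.0.0.0/8` allowlist and the host `api.example.test` are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// Constructed allowlist (assumption): the only peers allowed to assert X-Forwarded-Proto.
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}

// fromTrustedProxy checks the TCP peer address, which request headers cannot alter.
func fromTrustedProxy(remoteAddr string) bool {
	ap, err := netip.ParseAddrPort(remoteAddr)
	for _, p := range trustedProxies {
		if err == nil && p.Contains(ap.Addr().Unmap()) {
			return true
		}
	}
	return false
}

// resourceURL (hypothetical helper): direct TLS wins, then an exact "https" value from a
// trusted peer; lists, unknown values and untrusted peers fall back to http.
func resourceURL(r *http.Request) string {
	scheme := "http"
	proto := strings.ToLower(strings.TrimSpace(r.Header.Get("X-Forwarded-Proto")))
	if r.TLS != nil || (fromTrustedProxy(r.RemoteAddr) && proto == "https") {
		scheme = "https"
	}
	return scheme + "://" + r.Host + r.URL.RequestURI()
}

// sample builds a constructed request as the server would see it from the given peer.
func sample(remoteAddr, forwardedProto string, directTLS bool) *http.Request {
	r, _ := http.NewRequest("GET", "http://api.example.test/paid?x=1", nil)
	r.RemoteAddr = remoteAddr
	r.Header.Set("X-Forwarded-Proto", forwardedProto)
	if directTLS {
		r.TLS = &tls.ConnectionState{}
	}
	return r
}

func main() {
	fmt.Println(resourceURL(sample("10.1.2.3:4444", "https", false)))    // trusted proxy
	fmt.Println(resourceURL(sample("203.0.113.9:4444", "https", false))) // untrusted peer
}
```

The exact-match rule assumes the trusted proxy overwrites `X-Forwarded-Proto` rather than appending to a client-supplied value.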