Do not accept client-supplied X-Forwarded-For header (!415) · Merge requests · GitLab.org / gitlab-pages

This pulls in the change introduced by labkit!104 (merged).

By default labkit will accept any client-provided X-Forwarded-For header for logging. Pages has its own X-Forwarded-For middleware that replaces http.Request.RemoteAddr when configured behind a proxy. So it is already taken care of.

Thus we want to disable the XFF parsing on the labkit logging side, and this patch does just that.

fixes https://gitlab.com/gitlab-org/gitlab-pages/-/issues/525

Edited Jan 11, 2021 by Igor

Do not accept client-supplied X-Forwarded-For header

Merge request reports