From c3d692ac5130a5c6f2ab0d89beb22c3b981630e2 Mon Sep 17 00:00:00 2001 From: Rutger Broekhoff Date: Wed, 24 Jan 2024 20:25:31 +0100 Subject: Use X-Forwarded-Host instead of X-Forwarded-For --- server/src/main.rs | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'server') diff --git a/server/src/main.rs b/server/src/main.rs index 9826873..0f12c8f 100644 --- a/server/src/main.rs +++ b/server/src/main.rs @@ -722,20 +722,19 @@ struct AuthorizationConfig { struct Trusted(bool); -fn forwarded_for_trusted_host( +fn forwarded_from_trusted_host( headers: &HeaderMap, trusted: &HashSet, ) -> Result> { - println!("Trusted: {:?}, headers: {:?}", trusted, headers); - if let Some(forwarded_for) = headers.get("X-Forwarded-For") { - if let Ok(forwarded_for) = forwarded_for.to_str() { - if trusted.contains(forwarded_for) { + if let Some(forwarded_host) = headers.get("X-Forwarded-Host") { + if let Ok(forwarded_host) = forwarded_host.to_str() { + if trusted.contains(forwarded_host) { return Ok(true); } } else { return Err(make_error_resp( StatusCode::NOT_FOUND, - "Invalid X-Forwarded-For header", + "Invalid X-Forwarded-Host header", )); } } @@ -765,7 +764,7 @@ fn authorize_batch( return Ok(Trusted(true)); } - let trusted = forwarded_for_trusted_host(headers, &conf.trusted_forwarded_hosts)?; + let trusted = forwarded_from_trusted_host(headers, &conf.trusted_forwarded_hosts)?; if operation != common::Operation::Download { if trusted { return Err(make_error_resp( -- cgit v1.2.3