Merge pull request #17868 from owncloud/x-forwarded-for

Set default 'forwarded for' headers for reverse proxy
author: Thomas Müller <thomas.mueller@tmit.eu> 2015-08-11 14:02:46 +0200
committer: Thomas Müller <thomas.mueller@tmit.eu> 2015-08-11 14:02:46 +0200
commit: aed068b237e8b654487941b10bfb45066fcdc5c2 (patch)
tree: 4ee125fdbb19653666db68e91db54685bf0ca524 /lib
parent: d5bba42030b0243967baecb86baf46209ce556f4 (diff)
parent: 2579999373e628c1d6d4d08d1d89412f1fd68fe3 (diff)
download: nextcloud-server-aed068b237e8b654487941b10bfb45066fcdc5c2.tar.gz
nextcloud-server-aed068b237e8b654487941b10bfb45066fcdc5c2.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index 43f01dfde3f..aaad286e843 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -452,7 +452,10 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 		$trustedProxies = $this->config->getSystemValue('trusted_proxies', []);
 
 		if(is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies)) {
-			$forwardedForHeaders = $this->config->getSystemValue('forwarded_for_headers', []);
+			$forwardedForHeaders = $this->config->getSystemValue('forwarded_for_headers', [
+				'HTTP_X_FORWARDED_FOR'
+				// only have one default, so we cannot ship an insecure product out of the box
+			]);
 
 			foreach($forwardedForHeaders as $header) {
 				if(isset($this->server[$header])) {
author	Thomas Müller <thomas.mueller@tmit.eu>	2015-08-11 14:02:46 +0200
committer	Thomas Müller <thomas.mueller@tmit.eu>	2015-08-11 14:02:46 +0200
commit	aed068b237e8b654487941b10bfb45066fcdc5c2 (patch)
tree	4ee125fdbb19653666db68e91db54685bf0ca524 /lib
parent	d5bba42030b0243967baecb86baf46209ce556f4 (diff)
parent	2579999373e628c1d6d4d08d1d89412f1fd68fe3 (diff)
download	nextcloud-server-aed068b237e8b654487941b10bfb45066fcdc5c2.tar.gz nextcloud-server-aed068b237e8b654487941b10bfb45066fcdc5c2.zip