mirror of
https://github.com/bitwarden/server.git
synced 2024-12-23 17:07:42 +01:00
UseForwardedHeaders with known proxies
This commit is contained in:
parent
8b80478a97
commit
e6baa1490c
@ -104,10 +104,7 @@ namespace Bit.Admin
|
||||
if(globalSettings.SelfHosted)
|
||||
{
|
||||
app.UsePathBase("/admin");
|
||||
app.UseForwardedHeaders(new ForwardedHeadersOptions
|
||||
{
|
||||
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
|
||||
});
|
||||
app.UseForwardedHeaders(globalSettings);
|
||||
}
|
||||
|
||||
if(env.IsDevelopment())
|
||||
|
@ -171,10 +171,7 @@ namespace Bit.Api
|
||||
}
|
||||
else
|
||||
{
|
||||
app.UseForwardedHeaders(new ForwardedHeadersOptions
|
||||
{
|
||||
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
|
||||
});
|
||||
app.UseForwardedHeaders(globalSettings);
|
||||
}
|
||||
|
||||
// Add static files to the request pipeline.
|
||||
|
@ -5,6 +5,7 @@ namespace Bit.Core
|
||||
public class GlobalSettings
|
||||
{
|
||||
public bool SelfHosted { get; set; }
|
||||
public virtual string KnownProxies { get; set; }
|
||||
public virtual string SiteName { get; set; }
|
||||
public virtual string StripeApiKey { get; set; }
|
||||
public virtual string ProjectName { get; set; }
|
||||
|
@ -27,6 +27,8 @@ using Microsoft.Extensions.DependencyInjection.Extensions;
|
||||
using IdentityServer4.AccessTokenValidation;
|
||||
using System.Security.Claims;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.HttpOverrides;
|
||||
using System.Linq;
|
||||
|
||||
namespace Bit.Core.Utilities
|
||||
{
|
||||
@ -390,5 +392,29 @@ namespace Bit.Core.Utilities
|
||||
await next.Invoke();
|
||||
});
|
||||
}
|
||||
|
||||
public static void UseForwardedHeaders(this IApplicationBuilder app, GlobalSettings globalSettings)
|
||||
{
|
||||
var options = new ForwardedHeadersOptions
|
||||
{
|
||||
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
|
||||
};
|
||||
if(!string.IsNullOrWhiteSpace(globalSettings.KnownProxies))
|
||||
{
|
||||
var proxies = globalSettings.KnownProxies.Split(',');
|
||||
foreach(var proxy in proxies)
|
||||
{
|
||||
if(System.Net.IPAddress.TryParse(proxy, out var ip))
|
||||
{
|
||||
options.KnownProxies.Add(ip);
|
||||
}
|
||||
}
|
||||
}
|
||||
if(options.KnownProxies.Count > 1)
|
||||
{
|
||||
options.ForwardLimit = null;
|
||||
}
|
||||
app.UseForwardedHeaders(options);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -97,6 +97,10 @@ namespace Bit.Identity
|
||||
// Rate limiting
|
||||
app.UseMiddleware<CustomIpRateLimitMiddleware>();
|
||||
}
|
||||
else
|
||||
{
|
||||
app.UseForwardedHeaders(globalSettings);
|
||||
}
|
||||
|
||||
// Add current context
|
||||
app.UseMiddleware<CurrentContextMiddleware>();
|
||||
|
Loading…
Reference in New Issue
Block a user