Comments (3)
Just to answer the latter part, you can use any mechanism you need to get the proxy IP, you are not limited to x-forwarded-for only. Just define your own custom req.ip to do what you need https://expressjs.com/en/guide/overriding-express-api.html
from express.
Thanks for the rapid response! That looks really promising, if I am allowed to overwrite the req.ip and req.secure flags. I couldn't find any reference to which Request properties are in which category (assigned or getters), but I'll see if those work for me....
from express.
Works an absolute treat 🥳
For anyone else coming here, I overrode request.protocol rather than request.secure. Code works for my use case - I can trust the left-most entry in Forwarded header, and can ignore X-Forwarded headers - but adapt as necessary.
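```ts
// Parse the Forwarded header into a map of parameter name -> values, in header order.
const parseForwardedHeader = (request: typeof app.request) =>
  request.header('Forwarded')
    ?.split(",")
    .flatMap((proxy) => proxy.split(';'))
    .reduce((result, proxyProps) => {
      // Trim the optional whitespace that may follow "," and lower-case the
      // parameter name, which is case-insensitive.
      const [key, value] = proxyProps.split('=').map((part) => part.trim());
      if (key && value) {
        const name = key.toLowerCase();
        result[name] = (result[name] || []).concat(value);
      }
      return result;
    }, {} as Record<string, string[]>);

Object.defineProperties(app.request, {
  'ip': {
    configurable: true,
    enumerable: true,
    get() {
      const proxies = parseForwardedHeader(this as typeof app.request);
      // Left-most "for" entry, falling back to the TCP peer address.
      return proxies?.['for']?.[0] ?? this.socket.remoteAddress;
    },
  },
  'protocol': {
    configurable: true,
    enumerable: true,
    get() {
      const proxies = parseForwardedHeader(this as typeof app.request);
      // The parentheses matter: "??" binds tighter than "?:", so without them
      // any "proto" value (including "http") would evaluate to 'https'.
      return proxies?.['proto']?.[0] ?? (this.socket.encrypted ? 'https' : 'http');
    },
  },
});
```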
Importantly, for this use case don't enable trust proxy in case any in-between proxies are adding X-Forwarded- headers.
from express.
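An added example, not part of the thread or of Express: a stricter take on the same idea that parses `Forwarded` per RFC 7239 (quoted values, case-insensitive names, bracketed IPv6 with ports) and honours it only when the TCP peer is a known proxy. `TRUSTED_PROXIES`, `resolveClient`, the other function names and the sample addresses are assumptions for illustration; like the comment above, it assumes the proxy replaces any client-sent `Forwarded` header, so the left-most element is the one to use.

```javascript
const TRUSTED_PROXIES = new Set(['10.0.0.5']); // constructed for this example (assumption)

// Split on a delimiter, ignoring delimiters inside double-quoted strings.
function splitOutsideQuotes(text, delimiter) {
  const parts = [];
  let current = '', quoted = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (quoted && ch === '\\' && i + 1 < text.length) { current += ch + text[++i]; continue; }
    if (ch === '"') quoted = !quoted;
    if (ch === delimiter && !quoted) { parts.push(current); current = ''; } else current += ch;
  }
  parts.push(current);
  return parts;
}

// Parse a Forwarded header into one object per hop, left-most hop first.
function parseForwarded(header) {
  return splitOutsideQuotes(header || '', ',').map((element) => {
    const hop = Object.create(null); // no prototype, so "__proto__" is just a key
    for (const pair of splitOutsideQuotes(element, ';')) {
      const eq = pair.indexOf('=');
      if (eq < 1) continue;
      const key = pair.slice(0, eq).trim().toLowerCase(); // names are case-insensitive
      let value = pair.slice(eq + 1).trim();
      if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
        value = value.slice(1, -1).replace(/\\(.)/g, '$1'); // unquote, unescape
      }
      if (key && value && !(key in hop)) hop[key] = value; // first occurrence wins
    }
    return hop;
  });
}

// Strip brackets and an optional port from a "for" value; other forms pass through.
function nodeAddress(node) {
  const m = /^\[([^\]]+)\](?::\d+)?$/.exec(node) || /^([^:]+)(?::\d+)?$/.exec(node);
  return m ? m[1] : node;
}

// Honour Forwarded only when the TCP peer is a trusted proxy; otherwise ignore it.
function resolveClient(peerAddress, peerEncrypted, forwardedHeader) {
  const direct = { ip: peerAddress, protocol: peerEncrypted ? 'https' : 'http' };
  if (!TRUSTED_PROXIES.has(peerAddress)) return direct;
  const first = parseForwarded(forwardedHeader)[0];
  if (!first.for) return direct;
  const proto = (first.proto || '').toLowerCase();
  return { ip: nodeAddress(first.for), protocol: /^https?$/.test(proto) ? proto : direct.protocol };
}
```

In an Express getter like the ones above, `resolveClient(this.socket.remoteAddress, Boolean(this.socket.encrypted), this.header('Forwarded'))` would supply both `ip` and `protocol`.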