Simpler and actually correct x-forwarded-for fix (#641)

* Simpler and actually correct x-forwarded-for fix * Change to overwrite forwarded for
getlantern · Dec 20, 2024 · 680adb8 · 680adb8
1 parent dafafda
commit 680adb8
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/proxyfilters/forwardedfor.go b/proxyfilters/forwardedfor.go
@@ -3,7 +3,6 @@ package proxyfilters
 import (
 	"net"
 	"net/http"
-	"strings"
 
 	"github.com/getlantern/proxy/v3/filters"
 )
@@ -17,10 +16,12 @@ const (
 var AddForwardedFor = filters.FilterFunc(func(cs *filters.ConnectionState, req *http.Request, next filters.Next) (*http.Response, *filters.ConnectionState, error) {
 	if req.Method != http.MethodConnect {
 		if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
-			if prior, ok := req.Header[xForwardedFor]; ok {
-				clientIP = strings.Join(prior, ", ") + ", " + clientIP
-			}
+			// Proxies are supposed to actually overwrite previous values, as they
+			// can be maliciously set by the client.
 			req.Header.Set(xForwardedFor, clientIP)
+		} else {
+			// If we can't parse the client IP, we should remove the header.
+			req.Header.Del(xForwardedFor)
 		}
 	}
 	return next(cs, req)