Skip to content

Commit

Permalink
fix: always override default proxies
Browse files Browse the repository at this point in the history 
Gin trusts all proxies by default. This is a security problem.
  • Loading branch information
@jmattheis
jmattheis committed Feb 4, 2024
1 parent c68b2b5 commit 949e5df
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions router/router.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,8 @@ import (
func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Configuration) (*gin.Engine, func()) {
g := gin.New()

if conf.Server.TrustedProxies != nil {
g.SetTrustedProxies(conf.Server.TrustedProxies)
g.ForwardedByClientIP = true
}
g.SetTrustedProxies(conf.Server.TrustedProxies)
g.ForwardedByClientIP = true

g.Use(func(ctx *gin.Context) {
// Map sockets "@" to 127.0.0.1, because gin-gonic can only trust IPs.
Expand Down

0 comments on commit 949e5df

Please sign in to comment.