fix: heimdall receiving mutliple x-forwarded-for ips

metakgp · Jul 2, 2024 · f216b15 · f216b15
1 parent 23d2774
commit f216b15
Showing 1 changed file with 6 additions and 7 deletions.
diff --git a/metaploy/naarad.metaploy.conf b/metaploy/naarad.metaploy.conf
@@ -32,15 +32,15 @@ server {
     # our custon signup logic, which ultimately renders the
     # SignUp button on the webapp useless
     location = /v1/account {
-        set $test O;
+        set $allowed O;
         valid_referers https://naarad-signup.metakgp.org;
         if ($invalid_referer) {
-            set $test A;
+            set $allowed A;
         }
         if ($request_method = POST) {
-            set $test "${test}B";
+            set $allowed "${allowed}B";
         }
-        if ($test = AB) {
+        if ($allowed = AB) {
             return 403;
         }
 
@@ -74,13 +74,12 @@ server {
         proxy_pass http://heimdall_server/validate-jwt;
         proxy_set_header Cookie $http_cookie;
 
+        proxy_pass_request_body off;
+
         proxy_set_header Host $host;
         proxy_set_header Content-Length "";
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Original-URI $request_uri;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-        proxy_pass_request_body off;
     }
 
     # Handle case when auth fails in /auth sub request