From f216b152eed5673d1316671ca84702bd91cb2065 Mon Sep 17 00:00:00 2001
From: proffapt
Date: Tue, 2 Jul 2024 19:37:59 +0530
Subject: [PATCH] fix: heimdall receiving mutliple x-forwarded-for ips

---
 metaploy/naarad.metaploy.conf | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/metaploy/naarad.metaploy.conf b/metaploy/naarad.metaploy.conf
index 24ed3e1..85d1fe1 100644
--- a/metaploy/naarad.metaploy.conf
+++ b/metaploy/naarad.metaploy.conf
@@ -32,15 +32,15 @@ server {
 # our custon signup logic, which ultimately renders the
 # SignUp button on the webapp useless
 location = /v1/account {
- set $test O;
+ set $allowed O;
 valid_referers https://naarad-signup.metakgp.org;
 if ($invalid_referer) {
- set $test A;
+ set $allowed A;
 }
 if ($request_method = POST) {
- set $test "${test}B";
+ set $allowed "${allowed}B";
 }
- if ($test = AB) {
+ if ($allowed = AB) {
 return 403;
 }
 
@@ -74,13 +74,12 @@ server {
 
 proxy_pass http://heimdall_server/validate-jwt;
 proxy_set_header Cookie $http_cookie;
+ proxy_pass_request_body off;
+ proxy_set_header Host $host;
 
 proxy_set_header Content-Length "";
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Original-URI $request_uri;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- proxy_pass_request_body off;
 }
 
 # Handle case when auth fails in /auth sub request
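Review bot: Removing `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` from the /auth subrequest in the second hunk does not stop heimdall from receiving X-Forwarded-For at all — proxy_pass forwards the inbound request headers by default, so whatever X-Forwarded-For the client (or a proxy in front of this server) sent now reaches heimdall unmodified, just without $remote_addr appended. If heimdall uses that header for anything security-relevant (rate limiting, logging, tying a JWT to an address), it is now reading a client-controlled value unless a trusted proxy upstream of this server overwrites it; X-Real-IP is still set to $remote_addr on the following line and is the value heimdall can rely on. If the intent is for heimdall to see exactly one address, setting the header explicitly, e.g. `proxy_set_header X-Forwarded-For $remote_addr;`, is clearer than passing the inbound header through, though what $remote_addr holds depends on what sits in front of this server. The enclosing location block starts outside the hunk.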