| author | Ahmad Thoriq Najahi <najahi@zephyrus.id> | 2024-05-24 00:51:19 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-24 00:51:19 +0300 |
| commit | d070a82b3d0149904a5d54ec3608c5789a6a265a (patch) | |
| tree | b9bc8ad45977d65763df07982b8f4899e89ac951 /web/middleware | |
| parent | 5ec16301a66a35361608af951ff71d43a3aa53dc (diff) | |
feat: Enhance host extraction from headers (#2292)
- Refactor SUBController subs and subJsons methods to extract host from X-Forwarded-Host header, falling back to X-Real-IP header and then to the request host if unavailable.
- Update html function to extract host from X-Forwarded-Host header, falling back to X-Real-IP header and then to the request host if unavailable.
- Update DomainValidatorMiddleware to first attempt to extract host from X-Forwarded-Host header, falling back to X-Real-IP header and then to the request host.
Fixes: #2284
Signed-off-by: Ahmad Thoriq Najahi <najahi@zephyrus.id>
Diffstat (limited to 'web/middleware')
| -rw-r--r-- | web/middleware/domainValidator.go | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/web/middleware/domainValidator.go b/web/middleware/domainValidator.go
index 2beecfdb..26a23895 100644
--- a/web/middleware/domainValidator.go
+++ b/web/middleware/domainValidator.go
@@ -9,13 +9,17 @@ import (

 func DomainValidatorMiddleware(domain string) gin.HandlerFunc {
 return func(c *gin.Context) {
- host, _, _ := net.SplitHostPort(c.Request.Host)
-
- if host != domain {
- c.AbortWithStatus(http.StatusForbidden)
- return
+ host := c.GetHeader("X-Forwarded-Host")
+ if host == "" {
+ host = c.GetHeader("X-Real-IP")
 }
-
+ if host == "" {
+ host, _, _ := net.SplitHostPort(c.Request.Host)
+ if host != domain {
+ c.AbortWithStatus(http.StatusForbidden)
+ return
+ }
 c.Next()
+ }
 }
 } |
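Review bot: The `host != domain` comparison now sits inside the second `if host == ""` branch, so it runs only when neither X-Forwarded-Host nor X-Real-IP is present; a request carrying either header leaves the closure unchecked, and gin continues the handler chain when a middleware returns without aborting. Inside that branch `host, _, _ := net.SplitHostPort(...)` also declares a new `host` that shadows the outer one, and X-Real-IP carries a client address rather than a host name, so it is not a meaningful input for a domain match. Both headers are set by the client unless a reverse proxy in front overwrites them, so the comparison should run on every request and the forwarded value should be used only where such a proxy is known to exist. A version that resolves the host first and then validates unconditionally is sketched below.

```go
	return func(c *gin.Context) {
		// Honour X-Forwarded-Host only when a trusted reverse proxy sets or
		// strips it; otherwise the value is whatever the client sent.
		host := c.GetHeader("X-Forwarded-Host")
		if host == "" {
			host = c.Request.Host
		}
		// Strip an optional port; a value without a port is kept as is.
		if h, _, err := net.SplitHostPort(host); err == nil {
			host = h
		}
		// The check runs for every request, whichever source supplied host.
		if host != domain {
			c.AbortWithStatus(http.StatusForbidden)
			return
		}
		c.Next()
	}
```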
