diff options
author | Jaime Martinez <jmartinez@gitlab.com> | 2020-02-04 02:09:50 +0300 |
---|---|---|
committer | Jaime Martinez <jmartinez@gitlab.com> | 2020-02-04 02:09:50 +0300 |
commit | 5ed1e7b82a5ddaa20d607bbe3bf2503026c78c2d (patch) | |
tree | 5e3af64c68c5da333b41b96fc47611e4aae48946 /README.md | |
parent | 711b882cdd7790281e431de1d77784ba53063a99 (diff) |
Update documentation on using Gorilla ProxyHeaders
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -182,7 +182,7 @@ Pages and another HTTP server have to co-exist on the same server. When `listen-proxy` is used please make sure that your reverse proxy solution is configured to strip the [RFC7239 Forwarded headers](https://tools.ietf.org/html/rfc7239). -The `gorilla/handlers.ProxyHeaders` middleware is used when listening behind a proxy via `listen-proxy` configuration option. For more information please review the [gorilla/handlers#ProxyHeaders](https://godoc.org/github.com/gorilla/handlers#ProxyHeaders) documentation. +We use `gorilla/handlers.ProxyHeaders` middleware. For more information please review the [gorilla/handlers#ProxyHeaders](https://godoc.org/github.com/gorilla/handlers#ProxyHeaders) documentation. > NOTE: This middleware should only be used when behind a reverse proxy like nginx, HAProxy or Apache. Reverse proxies that don't (or are configured not to) strip these headers from client requests, or where these headers are accepted "as is" from a remote client (e.g. when Go is not behind a proxy), can manifest as a vulnerability if your application uses these headers for validating the 'trustworthiness' of a request. |