Add X-Forwarded headers to serverless proxy

2 files changed, 7 insertions, 1 deletions

diff --git a/internal/serving/serverless/director.go b/internal/serving/serverless/director.go
index 83d792c3..0d046af9 100644
--- a/internal/serving/serverless/director.go
+++ b/internal/serving/serverless/director.go
@@ -3,6 +3,8 @@ package serverless
 import (
 	"net/http"
 	"strings"
+
+	"github.com/tomasen/realip"
 )
 
 // NewDirectorFunc returns a director function capable of configuring a proxy
@@ -13,6 +15,7 @@ func NewDirectorFunc(cluster Cluster) func(*http.Request) {
 		request.URL.Host = strings.Join([]string{cluster.Address, cluster.Port}, ":")
 		request.URL.Scheme = "https"
 		request.Header.Set("User-Agent", "GitLab Pages Daemon")
-		request.Header.Set("X-Forwarded-For", "123") // TODO
+		request.Header.Set("X-Forwarded-For", realip.FromRequest(request))
+		request.Header.Set("X-Forwarded-Proto", "https")
 	}
 }
diff --git a/internal/serving/serverless/serverless_test.go b/internal/serving/serverless/serverless_test.go
index 169f3de5..fc604608 100644
--- a/internal/serving/serverless/serverless_test.go
+++ b/internal/serving/serverless/serverless_test.go
@@ -20,6 +20,8 @@ func TestServeFileHTTP(t *testing.T) {
 
 	cluster := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		assert.Equal(t, "GitLab Pages Daemon", r.Header.Get("User-Agent"))
+		assert.Equal(t, "https", r.Header.Get("X-Forwarded-Proto"))
+		assert.Contains(t, r.Header.Get("X-Forwarded-For"), "127.0.0.123")
 	}))
 
 	cluster.TLS = &tls.Config{
@@ -43,6 +45,7 @@ func TestServeFileHTTP(t *testing.T) {
 	t.Run("when proxying simple request to a cluster", func(t *testing.T) {
 		writer := httptest.NewRecorder()
 		request := httptest.NewRequest("GET", "http://example.gitlab.com", nil)
+		request.Header.Set("X-Real-IP", "127.0.0.123")
 		handler := serving.Handler{Writer: writer, Request: request}
 
 		assert.True(t, serverless.ServeFileHTTP(handler))