${AspNetRequestIp} added CheckForwardedForHeader to check for X-Forwarded-For header #325
Conversation
|
Fixes #324 |
Codecov Report
@@ Coverage Diff @@
## master #325 +/- ##
=====================================
+ Coverage 62% 63% +1%
=====================================
Files 32 32
Lines 454 466 +12
Branches 97 101 +4
=====================================
+ Hits 282 294 +12
+ Misses 135 132 -3
- Partials 37 40 +3
Continue to review full report at Codecov.
|
| #if !ASP_NET_CORE | ||
| if (CheckForwardedForHeader) | ||
| { | ||
| var forwardedHeader = httpContext.TryGetRequest().Headers[ForwardedForHeader]; |
There was a problem hiding this comment.
Instead of calling httpContext.TryGetRequest() twice, then do it once and reuse it for Headers[ForwardedForHeader] and ServerVariables["REMOTE_ADDR"] (Maybe also handle null value from TryGetRequest)
| var ip = httpContext.Connection?.RemoteIpAddress; | ||
| if (CheckForwardedForHeader) | ||
| { | ||
| var forwardedHeaders = httpContext.Request.Headers.GetCommaSeparatedValues(ForwardedForHeader); |
There was a problem hiding this comment.
Maybe perform if (Headers.ContainsKey(ForwardedForHeader)) before doing the GetCommaSeparatedValues-call. To reduce allocation when nothing to parse.
There was a problem hiding this comment.
If the header is missing GetCommaSeparatedValues returns StringValues.Empty which is a static field so I think it shouldn't cause any extra allocation
There was a problem hiding this comment.
Not when reading the code:
But yes StringValues.Empty and ToArray does not allocate. But the ParsingHelpers is very eager as it allocates a yield-state-machine no matter what.
There was a problem hiding this comment.
OK, I will add that check
|
Maybe possible to create a unit-test similar to |
|
Tests added |
|
Thank you for the unit-tests. One last request from me. Could the logic be refactored so it becomes: string ip = CheckForwardedForHeader ? TryLookupForwardHeader(httpContext) : string.Empty;
if (string.IsNullOrEmpty(ip))
{
#if !ASP_NET_CORE
ip = httpContext.TryGetRequest()?.ServerVariables["REMOTE_ADDR"];
#else
ip = httpContext.Connection?.RemoteIpAddress;
#endif
}
builder.Append(ip);Then it would reduce the amount of code in one method. Will also skip double lookup of ip-address. And maybe make the "Better Code Hub" more happy. |
|
What should be the type of context parameter in |
|
Maybe something like this #if !ASP_NET_CORE
string TryLookupForwardHeader(System.Web.HttpContextBase httpContext)
{
// Blah Blah
}
#else
string TryLookupForwardHeader(Microsoft.AspNetCore.Http.HttpContext httpContext)
{
// Blah Blah
}
#endif |
|
Do you think it's worth the hassle? I will have to call |
|
Alternative like this: {
var httpRequest = httpContext.TryGetRequest();
if (httpRequest==null)
return;
string ip = CheckForwardedForHeader ? TryLookupForwardHeader(httpRequest) : string.Empty;
if (string.IsNullOrEmpty(ip))
{
#if !ASP_NET_CORE
ip = httpRequest.ServerVariables["REMOTE_ADDR"];
#else
ip = httpContext.Connection?.RemoteIpAddress;
#endif
}
builder.Append(ip);
}
#if !ASP_NET_CORE
string TryLookupForwardHeader(System.Web.HttpRequestBase httpRequest)
{
// New logic
}
#else
string TryLookupForwardHeader(Microsoft.AspNetCore.Http.HttpRequest httpRequest)
{
// New logic
}
#endif |
|
OK, I don't fully agree with that but I can do it. |
|
Thank you. All lights have become green. Now just need the final approval stamp from @304NotModified |
304NotModified
changed the title
|
Thanks for the contribution! Also thanks @snakefoot for the reviews! 👍 🎉 |
304NotModified
modified the milestones:
NLog.Web + NLog.Web.AspNetCore 4.7,
NLog.Web + NLog.Web.AspNetCore 4.7.1
snakefoot
added
ASP.NET Core
No description provided.