Skip to content

Commit

Permalink
fix: correctly get x-forwarded-for for browser info in events (zitade…
Browse files Browse the repository at this point in the history 
…l#9149)

# Which Problems Are Solved

Events like "password check succeeded" store some information about the
caller including their IP.
The `X-Forwarded-For` was not correctly logged, but instead the
RemoteAddress.

# How the Problems Are Solved

- Correctly get the `X-Forwarded-For` in canonical form.

# Additional Changes

None

# Additional Context

closes [zitadel#9106](zitadel#9106)
  • Loading branch information
@livio-a
livio-a authored Jan 8, 2025
1 parent db8d794 commit c966446
Showing 1 changed file with 2 additions and 8 deletions.
10 changes: 2 additions & 8 deletions internal/api/http/header.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,14 +108,8 @@ func GetOrgID(r *http.Request) string {
}

func GetForwardedFor(headers http.Header) (string, bool) {
forwarded, ok := headers[ForwardedFor]
if ok {
ip := strings.TrimSpace(strings.Split(forwarded[0], ",")[0])
if ip != "" {
return ip, true
}
}
return "", false
forwarded := strings.Split(headers.Get(ForwardedFor), ",")[0]
return forwarded, forwarded != ""
}

func RemoteAddrFromCtx(ctx context.Context) string {
Expand Down

0 comments on commit c966446

Please sign in to comment.