Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only use Host header from reverse proxy #32060

Merged
merged 1 commit into from
Sep 20, 2024
Merged

Only use Host header from reverse proxy #32060

merged 1 commit into from
Sep 20, 2024

Conversation

wxiaoguang
Copy link
Contributor

@wxiaoguang wxiaoguang commented Sep 17, 2024
edited
Loading

X-Forwarded-Host has many problems: non-standard, not well-defined (X-Forwarded-Port or not), conflicts with Host header, it already caused problems like #31907. So do not use X-Forwarded-Host, just use Host header directly.

Official document also only uses Host header and never mentioned others.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 17, 2024
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Sep 17, 2024
@github-actions github-actions bot added the modifies/go Pull requests that update Go code label Sep 17, 2024
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 17, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 18, 2024
@yp05327 yp05327 added this to the 1.23.0 milestone Sep 18, 2024
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Sep 18, 2024
@wxiaoguang wxiaoguang force-pushed the fox-host-header branch 4 times, most recently from ac4319b to cebffcf Compare September 20, 2024 14:21
@wxiaoguang wxiaoguang enabled auto-merge (squash) September 20, 2024 14:31
@wxiaoguang wxiaoguang merged commit 3b10fd9 into go-gitea:main Sep 20, 2024
26 checks passed
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Sep 20, 2024
@wxiaoguang wxiaoguang deleted the fox-host-header branch September 20, 2024 14:58
@lunny lunny mentioned this pull request Sep 20, 2024
Merged
zjjhot added a commit to zjjhot/gitea that referenced this pull request Sep 21, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
19aa38d 
* giteaofficial/main:
  Fix incorrect `/tokens` api (go-gitea#32085)
  Set manual `tabindex`es on login page (go-gitea#31689)
  Only use Host header from reverse proxy (go-gitea#32060)
  [skip ci] Updated translations via Crowdin
lunny added a commit that referenced this pull request Sep 22, 2024
@lunny
Fix mssql ci with a new mssql version on ci (#32094)
69ba37e 
backport from #32060
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Dec 19, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lunny lunny lunny approved these changes

@yp05327 yp05327 yp05327 approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/go Pull requests that update Go code modifies/internal size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
1.23.0
Development

Successfully merging this pull request may close these issues.
4 participants
@wxiaoguang @lunny @yp05327 @GiteaBot