Closed hc4 closed 8 years ago
Currently trusted subnets checked even if checking disabled.
Should be checked only if option enabed:
if (config.requireTrustedProxies()) { final boolean inTrustedSubnets = trustedProxies.stream() .anyMatch(ipSubnet -> { try { return ipSubnet.contains(headersToken.getRemoteAddr()); } catch (UnknownHostException ignored) { LOG.debug("Looking up remote address {} failed.", headersToken.getRemoteAddr()); return false; } }); if(!inTrustedSubnets) { LOG.info("Request with trusted header {} received from {} which is not in the trusted subnets: {}", usernameHeader, headersToken.getRemoteAddr(), Joiner.on(", ").join(trustedProxies)); return null; } }
Problem description
Currently trusted subnets checked even if checking disabled.
Should be checked only if option enabed:
Environment