SenexCrenshaw / StreamMaster

Detect X-Forwarded-For header when reverse proxy is used #213

Closed antoniozh closed 3 months ago

antoniozh commented 4 months ago

Description

I added an if-case in VideoStreamsController that checks for the X-Forwarded-For header so that when a reverse proxy is used, the client host panel will show the proxied IP instead. There could be some setting in the future for a trusted downstream proxy, but I'll just conveniently assume that a client which can already access the server is unlikely to be an attacker.


antoniozh commented 4 months ago

In my case, only localhost was shown as the IP address, so I'm afraid not. Edit: I checked the MS docs and it seems like you are right about the forward options, but I'm not sure why the x-forwarded-for headers are not taken into account.

Edit 2: This might be the reason: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-8.0

"If no ForwardedHeadersOptions are specified or applied directly to the extension method with UseForwardedHeaders, the default headers to forward are ForwardedHeaders.None. The ForwardedHeaders property must be configured with the headers to forward."

SenexCrenshaw commented 4 months ago

specified or applied directly t

good catch!

SenexCrenshaw commented 3 months ago

I believe this is no longer needed.
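
The forwarded-headers behaviour quoted from the Microsoft docs in this thread, as an added ASP.NET Core 8 example that is not taken from the StreamMaster code base: the middleware is told which headers to process, and it rewrites the client IP only when the direct peer is a trusted proxy. The proxy address `192.0.2.10` (a documentation-range placeholder) and the `/client-ip` route are assumptions made for illustration.

```csharp
// Program.cs (minimal hosting model, Microsoft.NET.Sdk.Web project)
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // The default is ForwardedHeaders.None, so X-Forwarded-For is ignored
    // until the headers to process are listed here.
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

    // Loopback is trusted by default, which covers a reverse proxy running on
    // the same host. A proxy on another machine has to be added explicitly.
    // 192.0.2.10 is a placeholder, not a value from this project.
    options.KnownProxies.Add(IPAddress.Parse("192.0.2.10"));

    // Consume only the right-most entry, the one appended by the trusted proxy.
    // Entries further left were supplied by whoever sent the request.
    options.ForwardLimit = 1;
});

var app = builder.Build();

// Must run before anything that reads the client address.
app.UseForwardedHeaders();

// Hypothetical endpoint showing where the resolved address ends up.
app.MapGet("/client-ip", (HttpContext ctx) =>
{
    // RemoteIpAddress holds the forwarded client IP only if the request came
    // from a known proxy; otherwise it stays the direct peer's address.
    // Reading Request.Headers["X-Forwarded-For"] here instead would accept
    // whatever value any client chose to send.
    var ip = ctx.Connection.RemoteIpAddress?.ToString() ?? "unknown";
    return Results.Text(ip);
});

app.Run();
```

With this in place, a request that reaches the application directly with its own `X-Forwarded-For` header is reported under its real peer address, because that peer is not in the trusted proxy list.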