ZeroTixDev / Darrows

pvp io game that uses bow and arrows - sequel to death arrows

IP spoofing. #19

Closed 10maurycy10 closed 2 years ago

10maurycy10 commented 2 years ago

IP spoofing is possible if the server is not behind an http proxy, by setting the x-forwarded-for header.

10maurycy10 commented 2 years ago

This could be fixed with a config flag determining whether the server should trust x-forwarded-for.

ZeroTixDev commented 2 years ago

> IP spoofing is possible if the server is not behind an http proxy, by setting the x-forwarded-for header.

I can enforce HTTPS on the herokuapp domain.

10maurycy10 commented 2 years ago

How will this help?

This is a problem when running an instance w/out heroku or replit.

10maurycy10 commented 2 years ago

UPDATE: this is possible even with heroku.

ZeroTixDev commented 2 years ago

Fixed now
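
An added example, not part of the thread and not the project's own code: one way to implement the config flag proposed above, generalized from an on/off switch to a count of trusted proxies. The names `resolveClientIp` and `trustedHops` are hypothetical, and the code assumes each trusted proxy appends the address it accepted the connection from to the end of `x-forwarded-for`.

```javascript
'use strict';

// Strip the IPv4-mapped IPv6 prefix Node reports on dual-stack sockets.
function normalize(addr) {
  const a = String(addr || '').trim();
  return a.startsWith('::ffff:') ? a.slice(7) : a;
}

// Loose syntax check so arbitrary header text is never used as an address.
function looksLikeIp(s) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(s)) {
    return s.split('.').every((octet) => Number(octet) <= 255);
  }
  return s.includes(':') && /^[0-9a-fA-F:]+$/.test(s);
}

// trustedHops (hypothetical config value): number of reverse proxies we run
// or trust in front of this server. 0 means the server is directly exposed,
// so x-forwarded-for is fully client-controlled and must be ignored.
function resolveClientIp(headers, socketAddress, trustedHops = 0) {
  const peer = normalize(socketAddress);
  if (!Number.isInteger(trustedHops) || trustedHops <= 0) return peer;

  const raw = headers['x-forwarded-for'];
  if (!raw) return peer;
  const chain = (Array.isArray(raw) ? raw.join(',') : String(raw))
    .split(',').map((part) => part.trim()).filter(Boolean);

  // Entries to the left of this position were supplied by the client or by
  // untrusted hops. Only the entry written by our outermost proxy is used.
  const candidate = chain[chain.length - trustedHops];
  if (candidate === undefined) return peer; // chain shorter than configured
  const ip = normalize(candidate);
  return looksLikeIp(ip) ? ip : peer;
}

// Constructed sample requests: a client sends a forged first entry.
function demo() {
  const forged = { 'x-forwarded-for': '1.2.3.4' };
  const viaProxy = { 'x-forwarded-for': '1.2.3.4, 198.51.100.7' };
  return {
    direct: resolveClientIp(forged, '203.0.113.9', 0),
    behindOneProxy: resolveClientIp(viaProxy, '10.0.0.2', 1),
  };
}
```

When the header is missing, malformed, or shorter than the configured hop count, the function falls back to the socket peer address, which the client cannot choose.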