Closed 10maurycy10 closed 2 years ago
This could be fixed with a config flag determining whether the server should trust x-forwarded-for
IP spoofing is possible if the server is not behind an http proxy, by setting the
x-forwarded-for
header.
I can enforce https on herokuapp domain
How will this help?
This is a problem when running an instance w/out heroku or replit.
UPDATE: this is possible even with heroku.
Fixed now
IP spoofing is possible if the server is not behind an http proxy, by setting the
x-forwarded-for
header.