Open neclimdul opened 1 month ago
For clarity, haproxy is on such proxy that appends a header. This is the default reverse proxy built into pfsense and opnsense with GUI controls and letsencrypt integration.
Hey there @home-assistant/core, mind taking a look at this issue as it has been labeled with an integration (http
) you are listed as a code owner for? Thanks!
(message by CodeOwnersMention)
http documentation http source (message by IssueLinks)
The problem
This line has incorrectly triggers an error when receiving multiple forward headers. https://github.com/home-assistant/core/blob/d88487e30be24f32a99d958ebb7de597f17710a1/homeassistant/components/http/forwarded.py#L114-L119
This causes failures on reasonably common and valid setups leading to bug reports.
https://github.com/home-assistant/core/issues/108982
Maybe others? There seem to be some discussions that sounds like they are running into this.
The problem happens when you have multiple reverse proxies. For example a WAF/CDN like cloud flare plus an edge router to handle NAT complexity on a home Network.
Cloudflare -> firewall NAT to reverse proxy -> HA
for some reverse proxies, this still isn't a problem because they'll combine the ips into a list but this isn't a requirement.
This fact and the logic for it is to combine the lists, appending the later headers on.
This documented in the forwards rfc for the standardized field
As well as the MDN documentation for the defacto standard this code is looking at.
What version of Home Assistant Core has the issue?
core-2024.9.1
What was the last working version of Home Assistant Core?
No response
What type of installation are you running?
Home Assistant OS
Integration causing the issue
No response
Link to integration documentation on our website
No response
Diagnostics information
No response
Example YAML snippet
No response
Anything in the logs that might be useful for us?
No response
Additional information
No response