[fix] ctx.request.origin ignores proxy flag (X-Forwarded-Proto)

soknifedev commented 1 year ago

Describe the bug

When using the proxy flag set to true, ctx.request.origin ignores it, returning http:// instead of https:// (taken from X-Forwarded-Proto, available in ctx.protocol)

Node.js version: v16.14.0

OS version: Debian 10

Description: With koa's proxy flag to true, ctx.request.origin returns wrong protocol because it doesn't match with the X-Forwarded-Proto header (available in ctx.protocol).

Actual behavior [app.proxy=true]

http://mywebsite.com

Expected behavior [app.proxy=true]

https://mywebsite.com

Code to reproduce

const Koa = require('koa');
const app = new Koa({ proxy: true });
app.use(ctx => {
  ctx.body = 'Hello Koa, origin:' + ctx.request.origin + '; protocol=' + ctx.protocol;
});

app.listen(3000);

I didn't submit a pull request since this is a very simple bug and it requires a reverse proxy setup (like nginx) to reproduce

Checklist

[X] I have searched through GitHub issues for similar issues.
[X] I have completely read through the README and documentation.
[X] I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.

siakc commented 8 months ago

Could not reproduce. Code looked OK. Behavior looked OK. When proxy option is on, any X-Forwarded-Proto value is shown as the protocol and ctx.protocol is consistent with ctx.request.origin.

soknifedev commented 7 months ago

Could not reproduce. Code looked OK. Behavior looked OK. When proxy option is on, any X-Forwarded-Proto value is shown as the protocol and ctx.protocol is consistent with ctx.request.origin.

Sorry for late reply. I'll re-verify the consistency of ctx.protocol again.

I did it before using a nginx reverse proxy + cloudflare, that may be causing the problem.

koajs / koa