search

nextcloud / app_api

Nextcloud AppAPI
https://apps.nextcloud.com/apps/app_api
GNU Affero General Public License v3.0
81 stars 7 forks source link

fix: Proxy: do not trust input - always set own value for 'X-Origin-IP' #354

Closed bigcat88 closed 3 months ago

bigcat88 commented 3 months ago

An external packet received by the proxy can have any value in 'X-Origin-IP' - we can't trust it, it's best to set it on our own