Closed riragh closed 1 year ago
I am ok with this as long as we tested the SAS coded and verified that the systems still work without this item.
Yes this change was verified on all the cloud providers, SAS Viya Platform deployments were successful and applications were accessible.
Changes:
Previously the default value for
use-forwarded-headers
was set to true. This has raised a security concern as it allows spoofing source IP via X-Forwarded-For header.NGINX Ingress Controller states the use of
use-forwarded-headers
as follows:As NGINX is not behind another L7 proxy / load balancer this PR will set the
use-forwarded-headers
to false by default. Instructions are added in troubleshooting guide if user wishes to enable this setting.Tests:
use-forwarded-headers = false
. See additional details and tests in internal ticket: