search

sveltejs / kit

web development, streamlined
https://kit.svelte.dev
MIT License
18.43k stars 1.89k forks source link

dev mode ignoring `X-Forwarded-Proto` and `X-Forwarded-Host` headers #11902

Open eltigerchino opened 6 months ago

eltigerchino commented 6 months ago

Discussed in https://github.com/sveltejs/kit/discussions/11900

Originally posted by **yannishin** February 26, 2024 I expected the return from the Hook to be event.url.host=ui.foo.com, event.url.protocol=https:, but it is returning event.url.host=ui_server/ui, event.url.protocol=http:. How should I solve this issue? Given that event.request.headers.get("X-Forwarded-Host") and event.request.headers.get("X-Forwarded-Proto") are returning null, it seems that the node server(adapter-node.) is not recognizing the X-Forwarded-??? headers. For reference, the API Server developed with spring boot is correctly returning ui.foo.com, https:. This is Nginx Config upstream ui_server { ip_hash; ui.foo.com:17001; keepalive 100; } location /ui { proxy_pass http://ui_server/ui; proxy_http_version 1.1; proxy_set_header Connection $connection_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for; host=$host; proto=$scheme"; charset utf-8; access_log /opt/naon/app/nginx/logs/ui-access.log postdata; }
Conduitry commented 6 months ago

@yannishin Are the appropriate environment variables set at runtime in the built application? https://kit.svelte.dev/docs/adapter-node#environment-variables-origin-protocolheader-hostheader-and-port-header

yannishin commented 6 months ago

@Conduitry https://kit.svelte.dev/docs/adapter-node#environment-variables-origin-protocolheader-hostheader-and-port-header

The description in the link above seems to apply to the settings when building, and I want it to apply in dev mode.

Conduitry commented 6 months ago

Ah, okay, if it's in dev mode, then you're not actually running any adapter-node code.

What you're asking to do isn't currently supported. We could either add SvelteKit-level configuration for controlling this at dev time only (which feels a bit weird to me), or we could roll this into work to let adapter influence the dev-time behavior of apps (which feels like the better solution, but will take longer to settle on an API - #2304 / #3535).

rskvazh commented 3 weeks ago

Because of this development with Cloudflare tunnel + SvelteKit is harder :(