
set trust for first proxy when env is prod #3793

Merged
merged 2 commits into from
Jan 26, 2023

Conversation

sfrunza13
Contributor

Issue This PR Addresses

Fixes #3792

Type of Change

  • Bugfix: Change which fixes an issue
  • New Feature: Change which adds functionality
  • Documentation Update: Change which improves documentation
  • UI: Change which improves UI

Description

I am trying to find a way to make the new cookie settings work, perhaps this might be a step in the right direction.

Steps to test the PR

Checklist

  • Quality: This PR builds and passes our npm test and works locally (but it only changes anything in prod so idk if this means anything)
  • Tests: This PR includes thorough tests or an explanation of why it does not
  • Screenshots: This PR includes screenshots or GIFs of the changes made or an explanation of why it does not (if applicable)
  • Documentation: This PR includes updated/added documentation to user exposed functionality or configuration variables are added/changed or an explanation of why it does not (if applicable)


@humphd humphd left a comment


From the docs:

Number: use the address that is at most n number of hops away from the Express application. req.socket.remoteAddress is the first hop, and the rest are looked for in the X-Forwarded-For header from right to left. A value of 0 means that the first untrusted address would be req.socket.remoteAddress, i.e. there is no reverse proxy. When using this setting, it is important to ensure there are not multiple, different-length paths to the Express application such that the client can be less than the configured number of hops away, otherwise it may be possible for the client to provide any value.

We are behind 2 proxies:

  1. nginx
  2. traefik

I wonder if this should be 2? I'm not sure.
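The hop-counting rule quoted above, worked through as an added example (this is not code from the PR or the project): a plain re-implementation of Express's numeric `trust proxy` resolution, applied to the client -> nginx -> traefik -> Express chain discussed in the review. Express itself does this through the proxy-addr package; the addresses below are constructed sample values.

```javascript
// Added example, not code from the PR or the project. Re-implements the
// Number form of Express's "trust proxy" rule so the effect of 1, 2 or 3
// trusted hops can be checked offline. All addresses are constructed.

// req.socket.remoteAddress is hop 1; X-Forwarded-For is walked right to
// left. The first address beyond the trusted hops is reported as the client.
function resolveClientIp(remoteAddress, xForwardedFor, trustedHops) {
  const forwarded = xForwardedFor
    ? xForwardedFor.split(',').map((s) => s.trim()).filter(Boolean)
    : [];
  // Chain ordered from the nearest hop outward: socket peer, then XFF reversed.
  const chain = [remoteAddress, ...forwarded.reverse()];
  // Skip up to trustedHops entries; if the chain is exhausted first, the
  // outermost address present is reported (nothing further out exists).
  const index = Math.min(trustedHops, chain.length - 1);
  return chain[index];
}

// Constructed sample: client -> nginx -> traefik -> Express, the two proxies
// named in the review. Each proxy appends the peer address it saw to XFF.
const TRAEFIK = '10.0.0.3'; // the peer Express actually accepts the socket from
const NGINX = '10.0.0.2';
const CLIENT = '203.0.113.7';
const HONEST_XFF = `${CLIENT}, ${NGINX}`;

// Same request when the client itself sends a forged X-Forwarded-For value,
// which the two proxies then append the real addresses to.
const SPOOFED_XFF = `198.51.100.99, ${CLIENT}, ${NGINX}`;

// What each trust setting reports for the honest and the forged request:
// 1 hop reports nginx (too few), 2 hops reports the real client either way,
// 3 hops accepts the forged value (too many, as the docs warn).
function compareTrustSettings() {
  const out = {};
  for (const hops of [1, 2, 3]) {
    out[hops] = {
      honest: resolveClientIp(TRAEFIK, HONEST_XFF, hops),
      spoofed: resolveClientIp(TRAEFIK, SPOOFED_XFF, hops),
    };
  }
  return out;
}
```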

@sfrunza13
Contributor Author

I suppose you're right, it should probably be 2


@humphd humphd left a comment


I think this is good. @manekenpix, do you have any concerns?

@manekenpix
Member

@humphd LGTM 👍

@manekenpix manekenpix added the area: sso Authentication label Jan 26, 2023
@sfrunza13
Contributor Author

Can I squash and merge?

@manekenpix
Member

@sfrunza13 I think this is good to go.

@humphd
Contributor

humphd commented Jan 26, 2023

@sfrunza13 yeah, go for it

@sfrunza13 sfrunza13 merged commit 094abc3 into Seneca-CDOT:master Jan 26, 2023
@sfrunza13 sfrunza13 deleted the #3792 branch January 26, 2023 20:14
Successfully merging this pull request may close these issues.

Trusting the proxy