fix(web): harden trusted proxy client IP parsing

lc6464
2026-06-10 12:30:00 +08:00
committed by Guoguo
parent 52ab6c4694
commit 017601354b
3 changed files with 95 additions and 11 deletions
@@ -156,6 +156,7 @@ When public access is enabled:
- optional `allowed_cidrs` can restrict which client IP ranges may connect
- `allow_localhost_bypass` defaults to `true`; set it to `false` when same-host proxies or tunnels should not bypass `allowed_cidrs`
- optional `trusted_proxy_cidrs` can trust specific reverse proxies to supply the original client IP through headers such as `X-Forwarded-For`
- trusted proxy deployments should overwrite or sanitize forwarding headers such as `X-Forwarded-For` and `X-Real-IP` instead of passing through user-supplied values
- the gateway host is overridden so remote clients can still use the launcher-managed proxy paths
## Build And Run
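Review bot: The bullet about overwriting or sanitizing `X-Forwarded-For` and `X-Real-IP` tells operators what the proxy must do but not how the launcher reads these headers, so a reader cannot tell how much a pass-through misconfiguration costs. Consider adding a sentence that says which address is used when `X-Forwarded-For` carries several comma-separated entries, which header wins when both are present and disagree, and that forwarding headers from peers outside `trusted_proxy_cidrs` are ignored, if that is the behaviour. It would also help to state in the `allow_localhost_bypass` bullet whether the bypass is evaluated against the connecting proxy address or against the forwarded client address when a same-host proxy is listed in `trusted_proxy_cidrs`.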