Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

getRequestHost returns comma separated list of hosts in some proxy setups #992

Open
Ingramz opened this issue Mar 19, 2025 · 0 comments · May be fixed by #993
Open

getRequestHost returns comma separated list of hosts in some proxy setups #992

Ingramz opened this issue Mar 19, 2025 · 0 comments · May be fixed by #993
Labels
bug Something isn't working

Comments

@Ingramz
Copy link

Ingramz commented Mar 19, 2025

Environment

N/A

Reproduction

  1. Set up multiple proxies such that Apache HTTP Server is within a chain, for instance the very last proxy before h3:
    User Agent -> Proxy (any, proxy1.tld) -> Apache httpd (proxy2.tld) -> h3

  2. in h3 app, use getRequestHost({ xForwardedHost: true })

  3. Returns proxy1.tld, proxy2.tld

Describe the bug

Some proxies (eg. Apache HTTP Server) append additional hosts to X-Forwarded-Host header when it is part of a multiple proxy chain.

This obscure behavior is thoroughly explained in RicoSuter/NSwag#2370. Due to the non standard nature of the X-Forwarded-Host header, there isn't any authoritative literature to link to, but Envoy proxy documentation corroborates that the hosts should be appended.

In such cases only the first host similarly to X-Forwarded-For header should be returned by the getRequestHost function instead.

Additional context

No response

Logs


      		
    

      
  





        

            


            

              
            

        

      


      
    








      

    



      

  
            

    

      
    

    


      

          @Ingramz
Ingramz




          added
  the 

  bug

  Something isn't working
 label


      Mar 19, 2025

    

  



  

  

    
  


  

      

    @Ingramz
Ingramz



    linked a pull request
    
      Mar 19, 2025
    

    that will
    close
    this issue





  


  

      
   Open

  







  













  
  

    

      

  





  




  
  

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



  






  
                  




    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

      

    bug

  Something isn't working








      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    

      
        

          
    

    Development
  




            
  
Successfully merging a pull request may close this issue.





    


  
          
      fix(getRequestHost): return first host from X-Forwarded-Host list

    
      Ingramz/h3
    





      
    

  




      

    

  
      

  

    

      1 participant
    

    

        
          @Ingramz