From 3a5cacb4555762d116a818cfc09d9c4ddde3167d Mon Sep 17 00:00:00 2001 From: Benoit Blanchon Date: Mon, 11 Jan 2021 11:05:30 +0100 Subject: [PATCH] fix: add `x-forwarded-{port,proto}` to `proxyHeaderIgnore` defaults (#462) --- docs/content/en/options.md | 4 ++-- lib/module.js | 13 ++++++++++++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/content/en/options.md b/docs/content/en/options.md index e865f07..ce9c075 100644 --- a/docs/content/en/options.md +++ b/docs/content/en/options.md @@ -168,11 +168,11 @@ This also helps making consistent requests in both SSR and Client Side code. ## `proxyHeadersIgnore` -* Default `['accept', 'host', 'x-forwarded-host', 'cf-ray', 'cf-connecting-ip', 'content-length', 'content-md5', 'content-type']` +* Default `['accept', 'host', 'x-forwarded-host', 'x-forwarded-port', 'x-forwarded-proto', 'cf-ray', 'cf-connecting-ip', 'content-length', 'content-md5', 'content-type']` This is useful and effective only when `proxyHeaders` is set to true. It removes unwanted requests headers to the API backend in SSR. -Ignoring the headers `x-forwarded-host`, `cf-ray`, and `cf-connecting-ip` is necessary to avoid confusing reverse proxies (including CloudFlare) and avoid causing proxy loops. +Ignoring headers like `x-forwarded-host` is necessary to avoid confusing reverse proxies (like Nginx and CloudFlare) and avoid causing proxy loops. ## `headers` diff --git a/lib/module.js b/lib/module.js index f898e37..f4c1bec 100755 --- a/lib/module.js +++ b/lib/module.js @@ -64,7 +64,18 @@ function axiosModule (_moduleOptions) { debug: false, progress: true, proxyHeaders: true, - proxyHeadersIgnore: ['accept', 'host', 'x-forwarded-host', 'cf-ray', 'cf-connecting-ip', 'content-length', 'content-md5', 'content-type'], + proxyHeadersIgnore: [ + 'accept', + 'cf-connecting-ip', + 'cf-ray', + 'content-length', + 'content-md5', + 'content-type', + 'host', + 'x-forwarded-host', + 'x-forwarded-port', + 'x-forwarded-proto' + ], proxy: false, retry: false, https,