feat: respect x-* headers for redirections (langgenius#9054)

api/.env.example

@@ -271,6 +271,9 @@ HTTP_REQUEST_MAX_WRITE_TIMEOUT=600
 HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760
 HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576
 
+# Respect X-* headers to redirect clients
+RESPECT_XFORWARD_HEADERS_ENABLED=false
+
 # Log file path
 LOG_FILE=
 

api/app.py

@@ -36,6 +36,7 @@
     ext_login,
     ext_mail,
     ext_migrate,
+    ext_proxy_fix,
     ext_redis,
     ext_sentry,
     ext_storage,
@@ -156,6 +157,7 @@ def initialize_extensions(app):
     ext_mail.init_app(app)
     ext_hosting_provider.init_app(app)
     ext_sentry.init_app(app)
+    ext_proxy_fix.init_app(app)
 
 
 # Flask-Login configuration

api/configs/feature/__init__.py

@@ -247,6 +247,12 @@ def WEB_API_CORS_ALLOW_ORIGINS(self) -> list[str]:
         default=None,
     )
 
+    RESPECT_XFORWARD_HEADERS_ENABLED: bool = Field(
+        description="Enable or disable the X-Forwarded-For Proxy Fix middleware from Werkzeug"
+        " to respect X-* headers to redirect clients",
+        default=False,
+    )
+
 
 class InnerAPIConfig(BaseSettings):
     """

api/extensions/ext_proxy_fix.py

@@ -0,0 +1,10 @@
+from flask import Flask
+
+from configs import dify_config
+
+
+def init_app(app: Flask):
+    if dify_config.RESPECT_XFORWARD_HEADERS_ENABLED:
+        from werkzeug.middleware.proxy_fix import ProxyFix
+
+        app.wsgi_app = ProxyFix(app.wsgi_app)