diff --git a/api/.env.example b/api/.env.example index fb0fc045b0850f..71f0e5db8f8b9b 100644 --- a/api/.env.example +++ b/api/.env.example @@ -271,6 +271,9 @@ HTTP_REQUEST_MAX_WRITE_TIMEOUT=600 HTTP_REQUEST_NODE_MAX_BINARY_SIZE=10485760 HTTP_REQUEST_NODE_MAX_TEXT_SIZE=1048576 +# Respect X-* headers to redirect clients +RESPECT_XFORWARD_HEADERS_ENABLED=false + # Log file path LOG_FILE= diff --git a/api/app.py b/api/app.py index 1b58beee158199..bbc194d11daf73 100644 --- a/api/app.py +++ b/api/app.py @@ -36,6 +36,7 @@ ext_login, ext_mail, ext_migrate, + ext_proxy_fix, ext_redis, ext_sentry, ext_storage, @@ -156,6 +157,7 @@ def initialize_extensions(app): ext_mail.init_app(app) ext_hosting_provider.init_app(app) ext_sentry.init_app(app) + ext_proxy_fix.init_app(app) # Flask-Login configuration diff --git a/api/configs/feature/__init__.py b/api/configs/feature/__init__.py index 9218d529cc09ef..93dbc1367f394c 100644 --- a/api/configs/feature/__init__.py +++ b/api/configs/feature/__init__.py @@ -247,6 +247,12 @@ def WEB_API_CORS_ALLOW_ORIGINS(self) -> list[str]: default=None, ) + RESPECT_XFORWARD_HEADERS_ENABLED: bool = Field( + description="Enable or disable the X-Forwarded-For Proxy Fix middleware from Werkzeug" + " to respect X-* headers to redirect clients", + default=False, + ) + class InnerAPIConfig(BaseSettings): """ diff --git a/api/extensions/ext_proxy_fix.py b/api/extensions/ext_proxy_fix.py new file mode 100644 index 00000000000000..c106a4384a156f --- /dev/null +++ b/api/extensions/ext_proxy_fix.py @@ -0,0 +1,10 @@ +from flask import Flask + +from configs import dify_config + + +def init_app(app: Flask): + if dify_config.RESPECT_XFORWARD_HEADERS_ENABLED: + from werkzeug.middleware.proxy_fix import ProxyFix + + app.wsgi_app = ProxyFix(app.wsgi_app)