Skip to content

Commit

Permalink
fix: add x-forwarded-{port,proto} to proxyHeaderIgnore defaults (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
bblanchon committed Jan 11, 2021
1 parent c6e256c commit 6bce312
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 3 deletions.
4 changes: 2 additions & 2 deletions docs/content/en/options.md
Original file line number Diff line number Diff line change
Expand Up @@ -168,11 +168,11 @@ This also helps making consistent requests in both SSR and Client Side code.

## `proxyHeadersIgnore`

* Default `['accept', 'host', 'x-forwarded-host', 'cf-ray', 'cf-connecting-ip', 'content-length', 'content-md5', 'content-type']`
* Default `['accept', 'host', 'x-forwarded-host', 'x-forwarded-port', 'x-forwarded-proto', 'cf-ray', 'cf-connecting-ip', 'content-length', 'content-md5', 'content-type']`

This is useful and effective only when `proxyHeaders` is set to true. It removes unwanted requests headers to the API backend in SSR.

Ignoring the headers `x-forwarded-host`, `cf-ray`, and `cf-connecting-ip` is necessary to avoid confusing reverse proxies (including CloudFlare) and avoid causing proxy loops.
Ignoring the headers `x-forwarded-*`, `cf-ray`, and `cf-connecting-ip` is necessary to avoid confusing reverse proxies (including CloudFlare) and avoid causing proxy loops.

## `headers`

Expand Down
13 changes: 12 additions & 1 deletion lib/module.js
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,18 @@ function axiosModule (_moduleOptions) {
debug: false,
progress: true,
proxyHeaders: true,
proxyHeadersIgnore: ['accept', 'host', 'x-forwarded-host', 'cf-ray', 'cf-connecting-ip', 'content-length', 'content-md5', 'content-type'],
proxyHeadersIgnore: [
'accept',
'cf-connecting-ip',
'cf-ray',
'content-length',
'content-md5',
'content-type',
'host',
'x-forwarded-host',
'x-forwarded-port',
'x-forwarded-proto'
],
proxy: false,
retry: false,
https,
Expand Down

0 comments on commit 6bce312

Please sign in to comment.