-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'x-forwarded-host' should be added to proxyHeadersIgnore by default #456
'x-forwarded-host' should be added to proxyHeadersIgnore by default #456
Comments
I think it’s good for me, PR welcome! CC @pi0 |
@pi0 You previously added a note in the docs for |
The
X-Forwarded-Host
header is a very common header used by Reverse Proxies like Nginx and Cloudflare.If I have both Nuxt and my API behind a reverse proxy, Nuxt gets a header like
X-Forwarded-Host: my-nuxt-app.example.com
so when making an API call this axios module happily copies that header over to the API Request.When Nginx gets
X-Forwarded-Host
in a request it causes a lot of confusion which leads to it rewriting theHost
header to be likeHost: my-nuxt-app.example.com
even though the request gets routed to the API Server.This in turn confuses a lot of API Servers because they get an unexpected
Host
header value. Django for example has anALLOWED_HOSTS
config and uses it to secure against fake host headers.So to summarize, I don't think there will ever be a case were a developer would want the
X-Forwarded-Host
header proxied by Axios, it's logically incorrect and causes a lot of confusion. This is why I think it should be part of theproxyHeadersIgnore
by default and save other people the 5 hours I spent trying to debug the issue I had.The text was updated successfully, but these errors were encountered: