@hugodutka (Collaborator) commented Aug 9, 2025

Summary:

  • Adds --use-x-forwarded-host CLI flag and ServerConfig.UseXForwardedHost.
  • When enabled, hostAuthorizationMiddleware prefers X-Forwarded-Host (first value, before comma), extracts hostname via url.Parse and matches against AllowedHosts (case-insensitive, ignoring port). Falls back to r.Host if header is absent.
  • Adds tests covering enabled/disabled behavior, port in header, IPv6 literal, and comma-separated header values.
  • CLI tests updated to assert default false, env var (AGENTAPI_USE_X_FORWARDED_HOST) parsing, and CLI override precedence.
  • README: documents the new flag and env var with guidance on trusted proxy usage.

Notes:

  • Semantics mirror Django’s USE_X_FORWARDED_HOST gating, but limited to Host selection only.
  • No behavior change when the flag is false (default).

Testing:

  • go test ./... passes locally.
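
The host-selection behaviour summarized in the PR description above, as an added Go example (not the PR's own code). `effectiveHost` and `hostAllowed` are hypothetical names, the allow-list and request are constructed, and rejecting header values that carry anything beyond `host[:port]` is an assumption of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// effectiveHost returns the lowercased hostname, port stripped, that the
// allow-list check compares. Hypothetical helper, not the PR's code.
func effectiveHost(r *http.Request, useXFH bool) (string, error) {
	raw := r.Host
	if useXFH {
		if v := r.Header.Get("X-Forwarded-Host"); v != "" {
			raw, _, _ = strings.Cut(v, ",") // first value only
		}
	}
	raw = strings.TrimSpace(raw)
	// "//host[:port]" lets net/url split off ports and unwrap [IPv6] literals.
	u, err := url.Parse("//" + raw)
	// Assumption of this example: anything beyond host[:port] (path,
	// userinfo, query) is rejected instead of being silently dropped.
	if err != nil || u.Host != raw || u.Hostname() == "" {
		return "", fmt.Errorf("invalid host %q", raw)
	}
	return strings.ToLower(u.Hostname()), nil
}

// hostAllowed reports whether the effective host matches an allowed entry.
func hostAllowed(r *http.Request, allowed []string, useXFH bool) bool {
	h, err := effectiveHost(r, useXFH)
	if err != nil {
		return false
	}
	for _, a := range allowed {
		if strings.EqualFold(a, h) {
			return true
		}
	}
	return false
}

func main() {
	allowed := []string{"app.example.com", "::1"} // constructed allow-list
	r, _ := http.NewRequest("GET", "http://internal:3284/", nil)
	r.Header.Set("X-Forwarded-Host", "App.Example.com:8443, evil.test")
	fmt.Println(hostAllowed(r, allowed, true), hostAllowed(r, allowed, false))
}
```

With the flag off the header is ignored entirely, so a client-supplied `X-Forwarded-Host` cannot influence the check unless the operator has opted in behind a trusted proxy, which is the case the README guidance covers.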

blink-so-v1 bot and others added 4 commits August 9, 2025 08:11
…n
Adds --use-x-forwarded-host CLI flag and ServerConfig.UseXForwardedHost. When enabled, the middleware prefers X-Forwarded-Host (first value, before comma), parses and matches hostname ignoring port. Includes tests for enabled/disabled, ports, IPv6, and comma-separated cases.
Co-authored-by: hugodutka <[email protected]>

…st
Extend CLI tests to cover default false, env var AGENTAPI_USE_X_FORWARDED_HOST, and CLI overrides env precedence.
Co-authored-by: hugodutka <[email protected]>

…when to enable, behavior (first value, comma-trimming, hostname-only, IPv6), and security considerations (trusted proxy).
Co-authored-by: hugodutka <[email protected]>
@bpmct bpmct merged commit d1fb1b0 into hugodutka/allowed-hosts Aug 12, 2025
2 checks passed