How to handle host headersΒ #753
Description
ref/discussion: see #752
When OpenNext is behind a reverse proxy (i.e. aws wrappers) the host can be retrieved from header["x-forwarded-host"].
For Node, it depends how the infra is setup (behind a RP or not).
We also have this:
opennextjs-aws/packages/open-next/src/core/requestHandler.ts
Lines 46 to 48 in e48951f
header["x-forwarded-host"] should not be trusted if not behind a reverse proxy as it can be forged.
We should figure out the best way to configure this.