forward headers from server component and make trust_proxy config a number

2025-07-01 17:44:52 +02:00 · 2025-06-19 11:22:29 -04:00 · 2025-06-19 11:22:29 -04:00 · 97ae76e4e7
commit 97ae76e4e7
parent c043912f94
3 changed files with 12 additions and 4 deletions
--- a/server/apiServer.ts
+++ b/server/apiServer.ts
@ -20,8 +20,9 @@ const externalPort = config.getRawConfig().server.external_port;
 export function createApiServer() {
    const apiServer = express();
-    if (config.getRawConfig().server.trust_proxy) {
+    const trustProxy = config.getRawConfig().server.trust_proxy;
-        apiServer.set("trust proxy", 1);
+    if (trustProxy) {
        apiServer.set("trust proxy", trustProxy);
    }
    const corsConfig = config.getRawConfig().server.cors;
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@ -112,7 +112,7 @@ export const configSchema = z.object({
                credentials: z.boolean().optional()
            })
            .optional(),
-        trust_proxy: z.boolean().optional().default(true),
+        trust_proxy: z.number().int().gte(0).optional().default(1),
        secret: z
            .string()
            .optional()
--- a/src/lib/api/cookies.ts
+++ b/src/lib/api/cookies.ts
@ -1,4 +1,4 @@
-import { cookies } from "next/headers";
+import { cookies, headers } from "next/headers";
 import { pullEnv } from "../pullEnv";
 export async function authCookieHeader() {
@ -7,9 +7,16 @@ export async function authCookieHeader() {
    const allCookies = await cookies();
    const cookieName = env.server.sessionCookieName;
    const sessionId = allCookies.get(cookieName)?.value ?? null;
    // all other headers
    // this is needed to pass through x-forwarded-for, x-forwarded-proto, etc.
    const otherHeaders = await headers();
    const otherHeadersObject = Object.fromEntries(otherHeaders.entries());
    return {
        headers: {
            Cookie: `${cookieName}=${sessionId}`,
            ...otherHeadersObject
        },
    };
 }