forward headers from server component and make trust_proxy config a number

2025-07-01 09:34:54 +02:00 · 2025-06-19 11:22:29 -04:00 · 2025-06-19 11:22:29 -04:00 · 97ae76e4e7
commit 97ae76e4e7
parent c043912f94
3 changed files with 12 additions and 4 deletions
--- a/server/apiServer.ts
+++ b/server/apiServer.ts
@ -20,8 +20,9 @@ const externalPort = config.getRawConfig().server.external_port;
 export function createApiServer() {
    const apiServer = express();

-    if (config.getRawConfig().server.trust_proxy) {
-        apiServer.set("trust proxy", 1);
+    const trustProxy = config.getRawConfig().server.trust_proxy;
+    if (trustProxy) {
+        apiServer.set("trust proxy", trustProxy);
    }

    const corsConfig = config.getRawConfig().server.cors;
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@ -112,7 +112,7 @@ export const configSchema = z.object({
                credentials: z.boolean().optional()
            })
            .optional(),
-        trust_proxy: z.boolean().optional().default(true),
+        trust_proxy: z.number().int().gte(0).optional().default(1),
        secret: z
            .string()
            .optional()
--- a/src/lib/api/cookies.ts
+++ b/src/lib/api/cookies.ts
@ -1,4 +1,4 @@
-import { cookies } from "next/headers";
+import { cookies, headers } from "next/headers";
 import { pullEnv } from "../pullEnv";

 export async function authCookieHeader() {
@ -7,9 +7,16 @@ export async function authCookieHeader() {
    const allCookies = await cookies();
    const cookieName = env.server.sessionCookieName;
    const sessionId = allCookies.get(cookieName)?.value ?? null;
+
+    // all other headers
+    // this is needed to pass through x-forwarded-for, x-forwarded-proto, etc.
+    const otherHeaders = await headers();
+    const otherHeadersObject = Object.fromEntries(otherHeaders.entries());
+
    return {
        headers: {
            Cookie: `${cookieName}=${sessionId}`,
+            ...otherHeadersObject
        },
    };
 }