Problem
`server.js` parses the hop-count branch of `TRUST_PROXY` like this:

```js
} else if (trustProxy && !isNaN(parseInt(trustProxy, 10))) {
  app.set('trust proxy', parseInt(trustProxy, 10));
}
```

`parseInt` is lenient — `parseInt('1abc', 10)` returns `1`. An operator setting `TRUST_PROXY=1abc` (typo, leftover comma, autocomplete glitch) gets `trust proxy` partially honored at `1` hop instead of falling through to the no-trust default. There's no warning anywhere.
Fix
Use a strict regex match (`/^\d+$/`) before the `parseInt`. Invalid values fall through to the implicit default. Operator typos surface as observable "X-Forwarded-For not trusted" symptoms rather than partial-trust silence.
Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/
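The lenient and strict parses side by side, as an added example that is not code from the PR or the project: each function takes the raw `TRUST_PROXY` string and returns the hop count that would be handed to `app.set('trust proxy', ...)`, or `undefined` when the value should fall through to Express's no-trust default. The earlier `else if` branches of the real `server.js` (boolean and named-range values) are assumed to be handled before this point and are left out; the sample inputs are constructed.

```javascript
// Before: parseInt stops at the first non-digit, so '1abc' -> 1, ' 1' -> 1,
// '+1' -> 1 and '0x10' -> 0 are all accepted as hop counts.
function parseTrustProxyLenient(trustProxy) {
  if (trustProxy && !isNaN(parseInt(trustProxy, 10))) {
    return parseInt(trustProxy, 10);
  }
  return undefined; // fall through to Express default (no proxy trusted)
}

// After: the entire string must be ASCII digits before it is treated as a
// hop count; anything else falls through instead of being partially honored.
function parseTrustProxyStrict(trustProxy) {
  if (typeof trustProxy === 'string' && /^\d+$/.test(trustProxy)) {
    return parseInt(trustProxy, 10);
  }
  return undefined;
}

// Constructed operator inputs: two valid hop counts, several plausible typos,
// and the unset/empty cases.
const SAMPLES = ['1', '2', '1abc', '1,', ' 1', '+1', '0x10', '1e3', '', undefined];

// Run every sample through both parsers so the difference is visible at once.
function compare(values = SAMPLES) {
  return values.map((v) => ({
    input: v,
    lenient: parseTrustProxyLenient(v),
    strict: parseTrustProxyStrict(v),
  }));
}

// Inputs the lenient parser silently turns into a hop count but the strict
// parser rejects: exactly the "partial trust" configurations the fix removes.
function silentlyHonoured(values = SAMPLES) {
  return compare(values)
    .filter((r) => r.lenient !== undefined && r.strict === undefined)
    .map((r) => r.input);
}

console.table(compare());
```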