fix: Overriding X-Forwarded-For request header (#13)

Changes setting X-Forwarded-For header to appending Refs: ASG-2952
IMQS · Nov 2, 2023 · dafcf8b · dafcf8b
1 parent 34dd5dd
commit dafcf8b
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/server/server.go b/server/server.go
@@ -254,11 +254,10 @@ func (s *Server) isLegalRequest(req *http.Request) bool {
 	return true
 }
 
-/*
-ServeHTTP is the single router access point to the frontdoor server. All request are handled in this method.
- It uses Routes to generate the new url and then switches on scheme type to connect to the backend copying
-between these pipes.
-*/
+// ServeHTTP is the single router access point to the frontdoor server. All
+// request are handled in this method. It uses Routes to generate the new url
+// and then switches on scheme type to connect to the backend copying between
+// these pipes.
 func (s *Server) ServeHTTP(isSecure bool, w http.ResponseWriter, req *http.Request) {
 	// HACK! Doesn't belong here!
 	// Catch wsdl here to statically serve.
@@ -381,7 +380,7 @@ func (s *Server) forwardHttp(w http.ResponseWriter, req *http.Request, newurl st
 	cleaned.ContentLength = req.ContentLength
 
 	if remoteAddrNoPort, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
-		cleaned.Header["X-Forwarded-For"] = []string{remoteAddrNoPort}
+		cleaned.Header.Add("X-Forwarded-For", remoteAddrNoPort)
 	}
 
 	s.addXOriginalPath(req, cleaned)