You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Deploy TeamPass in environment behind reverse proxy (i.e Docker/Nginx).
Set up API whitelist against a real , external source address.
Watch API fail with rest_error("IPWHITELIST") because only REMOTE_ADDR is checked.
Expected behaviour
X-Forwarded-For should also be checked, you should safely assume any webserver or reverse proxy this application is deployed behind properly sanitises this header.
Actual behaviour
X-Forwarded-For is not checked, resulting in the user being denied access (as the proxy is seen as REMOTE_ADDR)
I will supply a PR to fix.
The text was updated successfully, but these errors were encountered:
- Implemented new session encryption library (getting rid of mcrypt extension)
- Language selection is now in User Profile (Default language is used on authentication page)
- Updated AES library
Merge of #1532, #1553, #1556, #1559
Steps to reproduce
Expected behaviour
X-Forwarded-For should also be checked, you should safely assume any webserver or reverse proxy this application is deployed behind properly sanitises this header.
Actual behaviour
X-Forwarded-For is not checked, resulting in the user being denied access (as the proxy is seen as REMOTE_ADDR)
I will supply a PR to fix.
The text was updated successfully, but these errors were encountered: