New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow x-forwarded-for header to support lists with spaces around the commas #8
Conversation
@@ -64,7 +71,7 @@ function forwarded(headers, whitelist) { | |||
if (!(proxies[i].ip in headers)) continue; | |||
|
|||
ports = (headers[proxies[i].port] || '').split(','); | |||
ips = (headers[proxies[i].ip] || '').split(','); | |||
ips = (headers[proxies[i].ip] || '').replace(ipListSpaceFilter, ',').split(','); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if it's better to use trim()
here:
ips = (headers[proxies[i].ip] || '').split(',').map(function map(ip) {
return ip.trim();
});
so we can also remove the trim()
from the whitelist check below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably the regex approach is slightly faster.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok this is indeed faster:
'use strict';
const Benchmark = require('benchmark');
const suite = new Benchmark.Suite;
const re = /\s*,\s*/g;
let list = [];
let i = 0;
for (; i < 1000; i++) list.push(i);
list = list.join(' , ');
suite.add('map', function () {
list.split(',').map(function map(elem) {
return elem.trim();
});
});
suite.add('regex', function () {
list.replace(re, ',').split(',');
});
suite.on('cycle', function (event) {
console.log(event.target.toString());
});
suite.on('complete', function () {
console.log('Fastest is '+ this.filter('fastest').map('name'));
});
suite.run();
map x 3,514 ops/sec ±1.11% (82 runs sampled)
regex x 6,736 ops/sec ±1.09% (85 runs sampled)
Fastest is regex
so ignore the above idea.
LGTM, thank you for the tests. |
* | ||
* @type {RegExp} | ||
*/ | ||
var ipListSpaceFilter = /\s*,\s*/; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess we need the g
flag here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is still necessary if there is more than 1 correct? Does this case practically happen? cc @3rd-Eden
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With this change this |
LGTM, going to merge this in. Thanks the PR and the accompanying tests.
|
Our network structure that alters
X-Forwarded-For
:External Interface/Firewall -> HAProxy -> Nginx/Node
HAProxy appends to the list of ips with a
,
(comma + space).This PR will allow the spaces to be parsed out of the list before it's split.
https://tools.ietf.org/html/draft-ietf-appsawg-http-forwarded-10#section-7.1