🐛 fix(proxy): Ensure BalancerForward overwrites X-Real-IP header#4260
Conversation
|
ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughThis PR changes the proxy balancer to overwrite the ChangesX-Real-IP Header Overwrite
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 golangci-lint (2.12.1)level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain main module or its selected dependencies" Tip 💬 Introducing Slack Agent: The best way for teams to turn conversations into code.Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.
Built for teams:
One agent for your entire SDLC. Right inside Slack. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4260 +/- ##
==========================================
- Coverage 91.18% 91.12% -0.07%
==========================================
Files 129 129
Lines 12749 12749
==========================================
- Hits 11625 11617 -8
- Misses 709 715 +6
- Partials 415 417 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Code Review
This pull request updates the proxy middleware to use Header.Set instead of Header.Add for the X-Real-IP header, ensuring that incoming headers are correctly overwritten rather than appended. A new test case was added to verify this behavior. The reviewer suggested improving the robustness of the new test by using constants for IP addresses and asserting the exact expected IP value.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
|
@copilot fix the unit tests for proxy middleware |
Agent-Logs-Url: https://github.com/gofiber/fiber/sessions/806acfbb-3625-48d4-933f-662e8cedc55b Co-authored-by: gaby <835733+gaby@users.noreply.github.com>
Agent-Logs-Url: https://github.com/gofiber/fiber/sessions/806acfbb-3625-48d4-933f-662e8cedc55b Co-authored-by: gaby <835733+gaby@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR hardens the proxy balancer forwarding path against header spoofing by ensuring the forwarded request’s X-Real-IP is overwritten (not appended), aligning documentation and adding a regression test.
Changes:
- Update
BalancerForwardto useHeader.SetforX-Real-IPinstead ofHeader.Add. - Add a test ensuring a pre-existing
X-Real-IPheader is not retained when forwarding. - Update the proxy middleware docs example to use
Header.Setfor consistency.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| middleware/proxy/proxy.go | Overwrites X-Real-IP during balancer forwarding to prevent retaining spoofed values. |
| middleware/proxy/proxy_test.go | Adds regression coverage asserting X-Real-IP is not appended/duplicated when forwarding. |
| docs/middleware/proxy.md | Updates example to match runtime behavior (Header.Set for X-Real-IP). |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Motivation
X-Real-IPvalue instead of appending to any existing header.Description
Header.AddwithHeader.SetinBalancerForwardto ensure theX-Real-IPheader is overwritten.docs/middleware/proxy.mdto useHeader.SetforX-Real-IPconsistency with runtime behavior.Test_Proxy_Balancer_Forward_OverwritesXRealIPinmiddleware/proxy/proxy_test.goto assert that a pre-existingX-Real-IPheader is not retained by the forwarded request.