Conversation

Collaborator

@hugodutka hugodutka commented Aug 9, 2025

Summary:

  • Adds --use-x-forwarded-host CLI flag and ServerConfig.UseXForwardedHost.
  • When enabled, hostAuthorizationMiddleware prefers X-Forwarded-Host (first value, before comma), extracts hostname via url.Parse and matches against AllowedHosts (case-insensitive, ignoring port). Falls back to r.Host if header is absent.
  • Adds tests covering enabled/disabled behavior, port in header, IPv6 literal, and comma-separated header values.
  • CLI tests updated to assert default false, env var (AGENTAPI_USE_X_FORWARDED_HOST) parsing, and CLI override precedence.
  • README: documents the new flag and env var with guidance on trusted proxy usage.

Notes:

  • Semantics mirror Django’s USE_X_FORWARDED_HOST gating, but limited to Host selection only.
  • No behavior change when the flag is false (default).

Testing:

  • go test ./... passes locally.
blink-so bot and others added 4 commits August 9, 2025 08:11
…n

Adds --use-x-forwarded-host CLI flag and ServerConfig.UseXForwardedHost.
When enabled, the middleware prefers X-Forwarded-Host (first value, before comma),
parses and matches hostname ignoring port. Includes tests for enabled/disabled,
ports, IPv6, and comma-separated cases.

Co-authored-by: hugodutka <28019628+hugodutka@users.noreply.github.com>

…st

Extend CLI tests to cover default false, env var AGENTAPI_USE_X_FORWARDED_HOST,
and CLI overrides env precedence.

Co-authored-by: hugodutka <28019628+hugodutka@users.noreply.github.com>

…when to enable, behavior (first value, comma-trimming, hostname-only, IPv6),
and security considerations (trusted proxy).

Co-authored-by: hugodutka <28019628+hugodutka@users.noreply.github.com>
@bpmct bpmct merged commit d1fb1b0 into hugodutka/allowed-hosts Aug 12, 2025
2 checks passed
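The host selection summarized in the description above, as an added sketch that is not code from this pull request: `effectiveHost`, `hostAllowList` and `status` are hypothetical names, the hostnames are constructed, and rejecting anything other than a bare `host[:port]` is an assumption of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// effectiveHost returns the lower-cased hostname to authorize, or an error.
func effectiveHost(r *http.Request, useXFH bool) (string, error) {
	raw := r.Host
	if v := r.Header.Get("X-Forwarded-Host"); useXFH && v != "" {
		raw, _, _ = strings.Cut(v, ",") // proxies append; keep the first value
	}
	raw = strings.TrimSpace(raw)
	u, err := url.Parse("//" + raw)
	if err != nil || u.Host != raw { // assumption: only bare host[:port] is valid
		return "", fmt.Errorf("invalid host %q", raw)
	}
	return strings.ToLower(u.Hostname()), nil // port and IPv6 brackets dropped
}

// hostAllowList answers 403 unless the effective host is in allowed.
func hostAllowList(allowed []string, useXFH bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h, err := effectiveHost(r, useXFH)
		for _, a := range allowed {
			if err == nil && strings.EqualFold(a, h) {
				next.ServeHTTP(w, r)
				return
			}
		}
		http.Error(w, "host not allowed", http.StatusForbidden)
	})
}

// status sends one constructed request through the middleware and returns the HTTP status.
func status(allowed []string, useXFH bool, host, xfh string) int {
	r := httptest.NewRequest("GET", "http://"+host+"/", nil)
	r.Header.Set("X-Forwarded-Host", xfh) // an empty value is treated as absent
	w := httptest.NewRecorder()
	hostAllowList(allowed, useXFH, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(w, r)
	return w.Code
}

func main() {
	fmt.Println(status([]string{"app.example.com"}, true, "10.0.0.5:3284", "App.Example.com:443, other.test"))
}
```

With the flag enabled, the header value alone decides the outcome, so a request with an allowed `Host` but a different `X-Forwarded-Host` is rejected, and whatever sets that header controls the check.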

2 participants