akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity

feat: add standard proxy headers with backward compatibility

Browse Source 
Add X-Real-IP, X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Port headers to all proxy hosts for proper client IP detection, HTTPS enforcement, and logging.

- New feature flag: enable_standard_headers (default: true for new hosts, false for existing)
- UI: Checkbox in proxy host form and bulk apply modal for easy migration
- Security: Always configure trusted_proxies when headers enabled
- Backward compatible: Existing hosts preserve legacy behavior until explicitly enabled

BREAKING CHANGE: New proxy hosts will have standard headers enabled by default. Existing hosts maintain legacy behavior. Users can opt-in via UI.

Backend: 98.7% coverage, 8 new tests
Frontend: 87.7% coverage, full TypeScript support
Docs: Comprehensive migration guide and troubleshooting

Closes #<issue-number> (FileFlows WebSocket fix)
This commit is contained in:
GitHub Actions
2025-12-19 20:32:03 +00:00
parent b79af10014
commit 81085ec890
19 changed files with 2921 additions and 164 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/api.md
+7
View File
@@ -341,6 +341,7 @@ GET /proxy-hosts
"block_exploits": true,
"websocket_support": false,
"enabled": true,
"enable_standard_headers": true,
"remote_server_id": null,
"created_at": "2025-01-18T10:00:00Z",
"updated_at": "2025-01-18T10:00:00Z"
@@ -370,6 +371,7 @@ GET /proxy-hosts/:uuid
"ssl_forced": true,
"websocket_support": false,
"enabled": true,
"enable_standard_headers": true,
"created_at": "2025-01-18T10:00:00Z",
"updated_at": "2025-01-18T10:00:00Z"
}
@@ -405,6 +407,7 @@ Content-Type: application/json
"block_exploits": true,
"websocket_support": false,
"enabled": true,
"enable_standard_headers": true,
"remote_server_id": null
}
```
@@ -425,6 +428,9 @@ Content-Type: application/json
- `block_exploits` - Default: `true`
- `websocket_support` - Default: `false`
- `enabled` - Default: `true`
- `enable_standard_headers` - Default: `true` (for new hosts), `false` (for existing hosts migrated from older versions)
- When `true`: Adds X-Real-IP, X-Forwarded-Proto, X-Forwarded-Host, X-Forwarded-Port headers
- When `false`: Old behavior (headers only added for WebSocket or application-specific needs)
- `remote_server_id` - Default: `null`
**Response 201:**
@@ -435,6 +441,7 @@ Content-Type: application/json
"domain": "new.example.com",
"forward_scheme": "http",
"forward_host": "localhost",
"enable_standard_headers": true,
"forward_port": 3000,
"created_at": "2025-01-18T10:05:00Z",
"updated_at": "2025-01-18T10:05:00Z"