From 5781d1db841ff7f81301cd28acecc5331a68d97e Mon Sep 17 00:00:00 2001 From: Yamagishi Kazutoshi Date: Tue, 19 Apr 2022 16:11:58 +0900 Subject: [PATCH] Fix parsing `TRUSTED_PROXY_IP` (#18051) --- config/environments/production.rb | 2 +- streaming/index.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 95f8a6f32..514c08cff 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -42,7 +42,7 @@ Rails.application.configure do config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX # Allow to specify public IP of reverse proxy if it's needed - config.action_dispatch.trusted_proxies = ENV['TRUSTED_PROXY_IP'].split.map { |item| IPAddr.new(item) } if ENV['TRUSTED_PROXY_IP'].present? + config.action_dispatch.trusted_proxies = ENV['TRUSTED_PROXY_IP'].split(/(?:\s*,\s*|\s+)/).map { |item| IPAddr.new(item) } if ENV['TRUSTED_PROXY_IP'].present? config.force_ssl = true config.ssl_options = { diff --git a/streaming/index.js b/streaming/index.js index d6b445a91..6935c4764 100644 --- a/streaming/index.js +++ b/streaming/index.js @@ -146,7 +146,7 @@ const startWorker = async (workerId) => { const app = express(); - app.set('trusted proxy', process.env.TRUSTED_PROXY_IP || 'loopback,uniquelocal'); + app.set('trust proxy', process.env.TRUSTED_PROXY_IP ? process.env.TRUSTED_PROXY_IP.split(/(?:\s*,\s*|\s+)/) : 'loopback,uniquelocal'); const pgPool = new pg.Pool(Object.assign(pgConfigs[env], dbUrlToConfig(process.env.DATABASE_URL))); const server = http.createServer(app);