From 6c44b4017dd8310ce02ea09be5ee5b5fa9b0bccf Mon Sep 17 00:00:00 2001
From: tituspijean
Date: Wed, 5 Jul 2023 00:23:29 +0200
Subject: [PATCH] [autopatch] Fix Host and X-Forwarded-For header spoofing
---
 conf/nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 312a59d..9e32209 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -4,7 +4,7 @@ location ~ __PATH__/api/v[0-9]+/(users/)?websocket$ {
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "upgrade";
 client_max_body_size 50M;
- proxy_set_header Host $http_host;
+ proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
@@ -18,7 +18,7 @@ location ~ __PATH__/api/v[0-9]+/(users/)?websocket$ {
 location __PATH__/ {
 client_max_body_size 50M;
 proxy_set_header Connection "";
- proxy_set_header Host $http_host;
+ proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
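Review bot: The X-Forwarded-For line is unchanged context in both hunks even though the subject names it: `$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever X-Forwarded-For value the client sent, so the upstream still receives a client-supplied leading entry. If this nginx is the first hop (not visible from the hunks), replacing instead of appending would close that, with `proxy_set_header X-Forwarded-For $remote_addr;` in the websocket location and in `location __PATH__/`. `$host` can still be taken from the request's Host header, so the Host fix depends on the enclosing server block, which is outside the hunks, having an explicit `server_name` and not acting as the default catch-all; `$host` also carries no port, which may matter to the upstream's origin checks when the site is served on a non-standard port. Both location blocks continue past the end of their hunks.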