xTr1m/GameList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add trusted forwarded-header config and tests

Browse Source
This commit is contained in:
Frank Tovar
2026-02-07 00:51:36 +01:00
parent c672802469
commit 9c1eb63084
3 changed files with 103 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
Program.cs
View File

@@ -6,6 +6,7 @@ using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;
using System.Net;
using System.Text.Json.Serialization;
var builder = WebApplication.CreateBuilder(args);
@@ -66,7 +67,7 @@ builder.Services.AddAuthorization(options => { options.AddPolicy(PlayerIdentityE
var app = builder.Build();
app.UseForwardedHeaders(new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost });
app.UseForwardedHeaders(BuildForwardedHeadersOptions(builder.Configuration));
var basePath = builder.Configuration["BasePath"];
if (!string.IsNullOrWhiteSpace(basePath))
@@ -100,6 +101,40 @@ app.MapAdminEndpoints();
app.Run();
static ForwardedHeadersOptions BuildForwardedHeadersOptions(IConfiguration config)
{
var options = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost
};
options.KnownIPNetworks.Clear();
options.KnownProxies.Clear();
foreach (var proxy in config.GetSection("ForwardedHeaders:KnownProxies").Get<string[]>() ?? [])
{
if (IPAddress.TryParse(proxy, out var parsedProxy))
options.KnownProxies.Add(parsedProxy);
}
foreach (var network in config.GetSection("ForwardedHeaders:KnownNetworks").Get<string[]>() ?? [])
{
var parts = network.Split('/', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries);
if (parts.Length != 2)
continue;
if (!IPAddress.TryParse(parts[0], out var prefix))
continue;
if (!int.TryParse(parts[1], out var prefixLength))
continue;
options.KnownIPNetworks.Add(new System.Net.IPNetwork(prefix, prefixLength));
}
return options;
}
static void UpdateIndexMetaBase(IWebHostEnvironment env, string basePath)
{
try