Make trusting X-Forwarded-For headers configurable (!104) · Merge requests · GitLab.org / labkit

Making a public MR as this is a low-severity issue.

This allows us to opt out of trusting X-Forwarded-For headers. We'll want that for pages, as it terminates TLS on its own, and also has its own XFF handling internally.

refs https://gitlab.com/gitlab-org/gitlab-pages/-/issues/525.

cc @vshushlin

Make trusting X-Forwarded-For headers configurable

Merge request reports