From 433548b1ca0e3ad22b9237add9093501fb2f7bfb Mon Sep 17 00:00:00 2001 From: Hassan Selim Date: Mon, 4 Jan 2021 10:35:44 -0200 Subject: [PATCH] fix: add `x-forwarded-host` to `proxyHeaderIgnore` defaults (#462) resolves #456 --- docs/content/en/options.md | 8 ++++---- lib/module.js | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/content/en/options.md b/docs/content/en/options.md index c5b3f5c..e865f07 100644 --- a/docs/content/en/options.md +++ b/docs/content/en/options.md @@ -166,13 +166,13 @@ In SSR context, this options sets client requests headers as default headers for This is useful for making requests which need cookie based auth on server side. This also helps making consistent requests in both SSR and Client Side code. -> **NOTE:** If you are directing requests to an url that is protected by CloudFlare's CDN you should set this to `false` in order to prevent CloudFlare from mistakenly detecting a reverse proxy loop and returning a 403 error. - ## `proxyHeadersIgnore` -* Default `['host', 'accept', 'cf-ray', 'cf-connecting-ip', 'content-length']` +* Default `['accept', 'host', 'x-forwarded-host', 'cf-ray', 'cf-connecting-ip', 'content-length', 'content-md5', 'content-type']` + +This is useful and effective only when `proxyHeaders` is set to true. It removes unwanted requests headers to the API backend in SSR. -This is useful and efficient only when `proxyHeaders` is set to true. Removes unwanted requests headers to the API backend in SSR. +Ignoring the headers `x-forwarded-host`, `cf-ray`, and `cf-connecting-ip` is necessary to avoid confusing reverse proxies (including CloudFlare) and avoid causing proxy loops. ## `headers` diff --git a/lib/module.js b/lib/module.js index 2317012..f898e37 100755 --- a/lib/module.js +++ b/lib/module.js @@ -64,7 +64,7 @@ function axiosModule (_moduleOptions) { debug: false, progress: true, proxyHeaders: true, - proxyHeadersIgnore: ['accept', 'host', 'cf-ray', 'cf-connecting-ip', 'content-length', 'content-md5', 'content-type'], + proxyHeadersIgnore: ['accept', 'host', 'x-forwarded-host', 'cf-ray', 'cf-connecting-ip', 'content-length', 'content-md5', 'content-type'], proxy: false, retry: false, https,