Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Proxy mode missing critical headers

See original GitHub issue

Given:

When running in proxy mode, we need the following headers in order for the application to work properly:

X-Forwarded-For: The IP address of the client (because the incoming request is coming from the proxy, which masks the client’s real IP address)
X-Forwarded-Host: The host requested by the client (i.e. the proxy address, not the existing server’s address)
Host: The existing server’s address (right now it is the proxy server’s address, which is wrong). In https://github.com/BrowserSync/browser-sync/pull/120#issuecomment-39418996 you confirmed the behavior I am asking for, but the implementation does not match what you said it should be.

The first header is needed for security reasons (ability to detect local vs remote clients). The second header is needed for redirecting clients (e.g. redirect the user to the login page).

Issue Analytics

State:
Created 9 years ago
Comments:15 (5 by maintainers)

Top GitHub Comments

5reactions

heijmanscommented, Jun 9, 2017

If you want to pass the Host header to the backend unchanged, use the following config:

  proxy: {
    target: "...",
    proxyOptions: {
      changeOrigin: false
    }
  },

By default, browser-sync passes changeOriginal: true to node-http-proxy, and this will change the Host header.

5reactions

shakyShanecommented, May 4, 2015

version 2.7.0 allows any of the node-http-proxy options to be passed through, so in your case, xfwd is the one you want.

var bs = require('browser-sync').create();

bs.init({
    proxy: {
        target: "www.bbc.co.uk",
        proxyOptions: {
            xfwd: true
        }
    }
});

Top Results From Across the Web

Proxy mode missing critical headers · Issue #430 - GitHub

Given: When running in proxy mode, we need the following headers in order for the application to work properly:.

mod_proxy - Apache HTTP Server Version 2.4

When acting in a reverse-proxy mode (using the ProxyPass directive, for example), mod_proxy_http adds several request headers in order to pass information ...

X-Forwarded-For - HTTP - MDN Web Docs

The X-Forwarded-For header is untrustworthy when no trusted reverse proxy (e.g., a load balancer) is between the client and server. If the ...

Session Initiation Protocol (SIP) Parameters

This option tag indicates support for the Privacy mechanism. When used in the Proxy-Require header, it indicates that proxy servers do not ...

API proxy configuration reference | Apigee Edge

Base Configuration, Primary configuration settings for an API proxy. ... directly to URLs, or to a combination of the two, based on HTTP...