Remove the forwarded and x-forwarded-host headers (#5409)

We are already setting the Host header properly in the request to the rails app Prevents malicious redirects & their being cached Signed-off-by: Samuel Giddins <[email protected]>
rubygems · Jan 24, 2025 · e50cfbe · e50cfbe
1 parent 20dec0e
commit e50cfbe
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/config/deploy/nginx-configmap.yaml.erb b/config/deploy/nginx-configmap.yaml.erb
@@ -78,6 +78,8 @@ data:
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme_from_fastly;
+        proxy_set_header Forwarded "";
+        proxy_set_header X-Forwarded-Host "";
         proxy_set_header Client-IP "";
         proxy_set_header Host $host;
         proxy_redirect off;