From 16381e754de9c633c080784286ff2b141299e136 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 3 Jun 2023 21:53:20 +0200
Subject: mod_http: Make RFC 7239 Forwarded opt-in for now to be safe

Supporting both methods at the same time may open to spoofing attacks,
whereby a client sends a Forwarded header that is not stripped by a
reverse proxy, leading Prosody to use that instead of the X-Forwarded-*
headers actually sent by the proxy.

By only supporting one at a time, it can be configured to match what the
proxy uses.

Disabled by default since implementations are sparse and X-Forwarded-*
are everywhere.
---
 CHANGES | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index b91aced8..b34608b9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -42,7 +42,7 @@ TRUNK
 - mod_blocklist: New option 'migrate_legacy_blocking' to disable migration from mod_privacy
 - Ability to use SQLite3 storage using LuaSQLite3 instead of LuaDBI
 - Moved all modules into the Lua namespace `prosody.`
-- Forwarded header from RFC 7239 supported
+- Forwarded header from RFC 7239 supported, disabled by default
 
 ## Removed
 
-- 
cgit v1.2.3