Check if proxy connection is coming from an local tunnel

See comment in code for more info
2022-03-26 18:02:45 +01:00 · 2022-03-26 18:02:45 +01:00 · 02be5d8e96
commit 02be5d8e96
parent cf0e2eb361
1 changed files with 5 additions and 1 deletions
--- a/core/src/ws_client.cpp
+++ b/core/src/ws_client.cpp
@ -70,8 +70,12 @@ WSClient::WSClient(QTcpSocket *p_tcp_socket, QWebSocket *p_web_socket, QObject *
      tcp_socket(p_tcp_socket),
      web_socket(p_web_socket)
 {
+    bool l_is_local = web_socket->peerAddress() == QHostAddress::LocalHost |
+                      web_socket->peerAddress() == QHostAddress::LocalHostIPv6;
+    //TLDR : We check if the header comes trough a proxy/tunnel running locally.
+    //This is to ensure nobody can send those headers from the web.
    QNetworkRequest l_request = web_socket->request();
-    if (l_request.hasRawHeader("x-forwarded-for")) {
+    if (l_request.hasRawHeader("x-forwarded-for") && l_is_local) {
        websocket_ip = l_request.rawHeader("x-forwarded-for");
    }
    else {