From 02be5d8e960314aa220fc8413b8da2114a8fabb2 Mon Sep 17 00:00:00 2001
From: Salanto <62221668+Salanto@users.noreply.github.com>
Date: Sat, 26 Mar 2022 18:02:45 +0100
Subject: [PATCH] Check if proxy connection is coming from an local tunnel

See comment in code for more info
---
 core/src/ws_client.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/core/src/ws_client.cpp b/core/src/ws_client.cpp
index e34440e..d6a8f32 100644
--- a/core/src/ws_client.cpp
+++ b/core/src/ws_client.cpp
@@ -70,8 +70,12 @@ WSClient::WSClient(QTcpSocket *p_tcp_socket, QWebSocket *p_web_socket, QObject *
       tcp_socket(p_tcp_socket),
       web_socket(p_web_socket)
 {
+    bool l_is_local = web_socket->peerAddress() == QHostAddress::LocalHost |
+                      web_socket->peerAddress() == QHostAddress::LocalHostIPv6;
+    //TLDR : We check if the header comes trough a proxy/tunnel running locally.
+    //This is to ensure nobody can send those headers from the web.
     QNetworkRequest l_request = web_socket->request();
-    if (l_request.hasRawHeader("x-forwarded-for")) {
+    if (l_request.hasRawHeader("x-forwarded-for") && l_is_local) {
         websocket_ip = l_request.rawHeader("x-forwarded-for");
     }
     else {