Trimming whitespace in XFF for IP whitelisting

2018-10-03 22:52:02 +02:00 · 2018-10-03 22:52:02 +02:00 · 44e06a1a1e
parent 4cb1ae4626
commit 44e06a1a1e
2 changed files with 4 additions and 3 deletions
--- a/whitelist/ip.go
+++ b/whitelist/ip.go
@ -63,7 +63,8 @@ func (ip *IP) IsAuthorized(req *http.Request) error {
 			for _, xFF := range xFFs {
 				xffs := strings.Split(xFF, ",")
 				for _, xff := range xffs {
-					ok, err := ip.contains(parseHost(xff))
+					xffTrimmed := strings.TrimSpace(xff)
+					ok, err := ip.contains(parseHost(xffTrimmed))
 					if err != nil {
 						return err
 					}
@ -72,7 +73,7 @@ func (ip *IP) IsAuthorized(req *http.Request) error {
 						return nil
 					}

-					invalidMatches = append(invalidMatches, xff)
+					invalidMatches = append(invalidMatches, xffTrimmed)
 				}
 			}
 		}
--- a/whitelist/ip_test.go
+++ b/whitelist/ip_test.go
@ -32,7 +32,7 @@ func TestIsAuthorized(t *testing.T) {
 			whiteList:           []string{"1.2.3.4/24"},
 			allowXForwardedFor:  true,
 			remoteAddr:          "10.2.3.1:123",
-			xForwardedForValues: []string{"1.2.3.1, 10.2.3.1"},
+			xForwardedForValues: []string{"10.2.3.1, 1.2.3.1"},
 			authorized:          true,
 		},
 		{