From 44e06a1a1e0fc5502049e9da0881dcf83ad8d80c Mon Sep 17 00:00:00 2001
From: Oliver Moser <olmoser@users.noreply.github.com>
Date: Wed, 3 Oct 2018 22:52:02 +0200
Subject: [PATCH] Trimming whitespace in XFF for IP whitelisting

---
 whitelist/ip.go      | 5 +++--
 whitelist/ip_test.go | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/whitelist/ip.go b/whitelist/ip.go
index bfb74e007..89db04cb4 100644
--- a/whitelist/ip.go
+++ b/whitelist/ip.go
@@ -63,7 +63,8 @@ func (ip *IP) IsAuthorized(req *http.Request) error {
 			for _, xFF := range xFFs {
 				xffs := strings.Split(xFF, ",")
 				for _, xff := range xffs {
-					ok, err := ip.contains(parseHost(xff))
+					xffTrimmed := strings.TrimSpace(xff)
+					ok, err := ip.contains(parseHost(xffTrimmed))
 					if err != nil {
 						return err
 					}
@@ -72,7 +73,7 @@ func (ip *IP) IsAuthorized(req *http.Request) error {
 						return nil
 					}
 
-					invalidMatches = append(invalidMatches, xff)
+					invalidMatches = append(invalidMatches, xffTrimmed)
 				}
 			}
 		}
diff --git a/whitelist/ip_test.go b/whitelist/ip_test.go
index 0b0efefc0..b4c43ef51 100644
--- a/whitelist/ip_test.go
+++ b/whitelist/ip_test.go
@@ -32,7 +32,7 @@ func TestIsAuthorized(t *testing.T) {
 			whiteList:           []string{"1.2.3.4/24"},
 			allowXForwardedFor:  true,
 			remoteAddr:          "10.2.3.1:123",
-			xForwardedForValues: []string{"1.2.3.1, 10.2.3.1"},
+			xForwardedForValues: []string{"10.2.3.1, 1.2.3.1"},
 			authorized:          true,
 		},
 		{