Wrong X-Forwarded-For address chosen as "peer"?
-----------------------------------------------
Key: COUCHDB-1421
URL: https://issues.apache.org/jira/browse/COUCHDB-1421
Project: CouchDB
Issue Type: Bug
Reporter: Nathan Vander Wilt
I noticed that in the Mochiweb code, it uses the last item of the
X-Forwarded-For list as the peer:
https://github.com/apache/couchdb/blob/master/src/mochiweb/mochiweb_request.erl#L82
But shouldn't this snag the *first* item of the list instead?
http://tools.ietf.org/html/draft-petersson-forwarded-for-02#section-5.2 says
"the first for-parameter will disclose the user agent where the request first
was made" — the user agent is what I'd want as an app developer, not the
second-nearest proxy.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
