From 889965141a1411dd546757fbb964695bd8f712d7 Mon Sep 17 00:00:00 2001
From: rinpatch <rinpatch@sdf.org>
Date: Wed, 29 Jan 2020 23:59:27 +0300
Subject: RemoteIp: only trust X-Forwarded-For

Our nginx config will happily pass `Forwarded`/`X-Real-IP` from the
client. Caddy, Apache and Varnish pass `X-Forwarded-For` as well anyway.
---
 lib/pleroma/plugs/remote_ip.ex | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'lib')

diff --git a/lib/pleroma/plugs/remote_ip.ex b/lib/pleroma/plugs/remote_ip.ex
index fdedc27ee..1cd5af48a 100644
--- a/lib/pleroma/plugs/remote_ip.ex
+++ b/lib/pleroma/plugs/remote_ip.ex
@@ -10,10 +10,7 @@ defmodule Pleroma.Plugs.RemoteIp do
   @behaviour Plug
 
   @headers ~w[
-    forwarded
     x-forwarded-for
-    x-client-ip
-    x-real-ip
   ]
 
   # https://en.wikipedia.org/wiki/Localhost
-- 
cgit v1.2.3