I’ve seen that
X-Forwarded-For is not supported by Netlify and you recommend alternative headers.
Specifically, looks like you provide three options:
We would like to use the
client-ip header for our logging - is this a header you are supporting long term?
We make no guarantees on anything except “X-Nf-Client-Connection-Ip”. Please use that one instead!
Many other companies seem to have settled on
true-client-ip as a header for this purpose - is this something you could support?
Nope! We’ll be using the header names we have in place already
I get that, but it makes things very difficult for our (Netlify and Discourse) common customers.
We need to tell customers with proxies in front of their Discourse installation to scrub certain headers from requests before they forward them to us and we really don’t want that list to grow.
Would you consider adding support for the industry standard
x-forwarded-for or the sort-of-emerging
EDIT: we’ve adjusted how we’re doing things such that this is not a huge problem for us
Great to hear! We use
x-forwarded-for internally, so no can do on that one. Could you link me to the details on the “emerging standard” you reference? Our team would be happy to take a look at it, I just hadn’t heard of it before so not sure where you’ve seen it
This type of detail would be really useful in the main Functions section of the docs. Can it be added please?
Hi there, could you be a bit more specific on which type of detail you feel should be added? thanks!
Specifically that X-Nf-Client-Connection-Ip is available to our code, what it represents, and so forth.
thanks for clarifying, i’ll do some checking!
event.headers['client-ip'] has started to be
undefined some time this week. I still could not find any documentation on
X-Nf-Client-Connection-Ip via Google, but fortunately this thread appeared.On the other hand,
event.headers['X-Nf-Client-Connection-Ip'] is also undefined for me right now, so not sure how to proceed…
Update: Seems using lowercase
event.headers['x-nf-client-connection-ip'] works for now.
Update 2: Ths smells related, although of course it should not touch any of this: Upcoming change: Stripping exposed Netlify headers from function and proxy requests