Skip to content

Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware. #62687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jul 14, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 24 additions & 6 deletions src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ public class ForwardedHeadersMiddleware
private readonly ForwardedHeadersOptions _options;
private readonly RequestDelegate _next;
private readonly ILogger _logger;
private readonly bool _ignoreUnknownProxiesWithoutFor;
private bool _allowAllHosts;
private IList<StringSegment>? _allowedHosts;

Expand Down Expand Up @@ -63,6 +64,18 @@ public ForwardedHeadersMiddleware(RequestDelegate next, ILoggerFactory loggerFac
_logger = loggerFactory.CreateLogger<ForwardedHeadersMiddleware>();
_next = next;

if (AppContext.TryGetSwitch("Microsoft.AspNetCore.HttpOverrides.IgnoreUnknownProxiesWithoutFor", out var enabled)
&& enabled)
{
_ignoreUnknownProxiesWithoutFor = true;
}

if (Environment.GetEnvironmentVariable("MICROSOFT_ASPNETCORE_HTTPOVERRIDES_IGNORE_UNKNOWN_PROXIES_WITHOUT_FOR") is string env
Comment on lines +67 to +73
Copy link
Preview

Copilot AI Jul 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] Extract the switch key string into a private const string (and reuse it for the environment-variable name) to avoid magic strings and ensure consistency.

Suggested change
if (AppContext.TryGetSwitch("Microsoft.AspNetCore.HttpOverrides.IgnoreUnknownProxiesWithoutFor", out var enabled)
&& enabled)
{
_ignoreUnknownProxiesWithoutFor = true;
}
if (Environment.GetEnvironmentVariable("MICROSOFT_ASPNETCORE_HTTPOVERRIDES_IGNORE_UNKNOWN_PROXIES_WITHOUT_FOR") is string env
const string SwitchKey = "Microsoft.AspNetCore.HttpOverrides.IgnoreUnknownProxiesWithoutFor";
const string EnvVarKey = "MICROSOFT_ASPNETCORE_HTTPOVERRIDES_IGNORE_UNKNOWN_PROXIES_WITHOUT_FOR";
if (AppContext.TryGetSwitch(SwitchKey, out var enabled) && enabled)
{
_ignoreUnknownProxiesWithoutFor = true;
}
if (Environment.GetEnvironmentVariable(EnvVarKey) is string env

Copilot uses AI. Check for mistakes.

&& (env.Equals("true", StringComparison.OrdinalIgnoreCase) || env.Equals("1")))
{
_ignoreUnknownProxiesWithoutFor = true;
}

PreProcessHosts();
}

Expand Down Expand Up @@ -220,15 +233,20 @@ public void ApplyForwarders(HttpContext context)
for (; entriesConsumed < sets.Length; entriesConsumed++)
{
var set = sets[entriesConsumed];
// For the first instance, allow remoteIp to be null for servers that don't support it natively.
if (currentValues.RemoteIpAndPort != null && checkKnownIps && !CheckKnownAddress(currentValues.RemoteIpAndPort.Address))
// Opt-out of breaking change behavior where we now always check KnownProxies and KnownNetworks
// It used to be guarded by the ForwardedHeaders.XForwardedFor flag, but now we always check it.
if (!_ignoreUnknownProxiesWithoutFor || checkFor)
{
// Stop at the first unknown remote IP, but still apply changes processed so far.
if (_logger.IsEnabled(LogLevel.Debug))
// For the first instance, allow remoteIp to be null for servers that don't support it natively.
if (currentValues.RemoteIpAndPort != null && checkKnownIps && !CheckKnownAddress(currentValues.RemoteIpAndPort.Address))
{
_logger.LogDebug(1, "Unknown proxy: {RemoteIpAndPort}", currentValues.RemoteIpAndPort);
// Stop at the first unknown remote IP, but still apply changes processed so far.
if (_logger.IsEnabled(LogLevel.Warning))
{
_logger.LogWarning(1, "Unknown proxy: {RemoteIpAndPort}", currentValues.RemoteIpAndPort);
}
break;
}
break;
}

if (checkFor)
Expand Down
123 changes: 123 additions & 0 deletions src/Middleware/HttpOverrides/test/ForwardedHeadersMiddlewareTest.cs
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.TestHost;
using Microsoft.DotNet.RemoteExecutor;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

Expand Down Expand Up @@ -1035,6 +1036,128 @@ public async Task IgnoreXForwardedHeadersFromUnknownProxy(ForwardedHeaders forwa
}
}

[Theory]
Copy link
Preview

Copilot AI Jul 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The AppContext and environment-variable tests share nearly identical setup. Consider extracting the common host setup and assertion logic into a helper or combining them into a single parameterized test to reduce duplication.

Copilot uses AI. Check for mistakes.

[InlineData(ForwardedHeaders.XForwardedFor)]
[InlineData(ForwardedHeaders.XForwardedHost)]
[InlineData(ForwardedHeaders.XForwardedProto)]
[InlineData(ForwardedHeaders.XForwardedPrefix)]
public void AppContextDoesNotValidateUnknownProxyWithoutForwardedFor(ForwardedHeaders forwardedHeaders)
{
RemoteExecutor.Invoke(static async (forwardedHeadersName) =>
{
Assert.True(Enum.TryParse<ForwardedHeaders>(forwardedHeadersName, out var forwardedHeaders));
AppContext.SetSwitch("Microsoft.AspNetCore.HttpOverrides.IgnoreUnknownProxiesWithoutFor", true);
using var host = new HostBuilder()
.ConfigureWebHost(webHostBuilder =>
{
webHostBuilder
.UseTestServer()
.Configure(app =>
{
var options = new ForwardedHeadersOptions
{
ForwardedHeaders = forwardedHeaders
};
app.UseForwardedHeaders(options);
});
}).Build();

await host.StartAsync();

var server = host.GetTestServer();

var context = await server.SendAsync(c =>
{
c.Request.Headers["X-Forwarded-For"] = "11.111.111.11";
c.Request.Headers["X-Forwarded-Host"] = "testhost";
c.Request.Headers["X-Forwarded-Proto"] = "Protocol";
c.Request.Headers["X-Forwarded-Prefix"] = "/pathbase";
c.Connection.RemoteIpAddress = IPAddress.Parse("10.0.0.1");
c.Connection.RemotePort = 99;
});

if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedFor))
{
// X-Forwarded-For ignored since 10.0.0.1 isn't in KnownProxies
Assert.Equal("10.0.0.1", context.Connection.RemoteIpAddress.ToString());
}
if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedHost))
{
Assert.Equal("testhost", context.Request.Host.ToString());
}
if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedProto))
{
Assert.Equal("Protocol", context.Request.Scheme);
}
if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedPrefix))
{
Assert.Equal("/pathbase", context.Request.PathBase);
}
return RemoteExecutor.SuccessExitCode;
}, forwardedHeaders.ToString()).Dispose();
}

[Theory]
[InlineData(ForwardedHeaders.XForwardedFor)]
[InlineData(ForwardedHeaders.XForwardedHost)]
[InlineData(ForwardedHeaders.XForwardedProto)]
[InlineData(ForwardedHeaders.XForwardedPrefix)]
public void EnvVariableDoesNotValidateUnknownProxyWithoutForwardedFor(ForwardedHeaders forwardedHeaders)
{
RemoteExecutor.Invoke(static async (forwardedHeadersName) =>
{
Assert.True(Enum.TryParse<ForwardedHeaders>(forwardedHeadersName, out var forwardedHeaders));
Environment.SetEnvironmentVariable("MICROSOFT_ASPNETCORE_HTTPOVERRIDES_IGNORE_UNKNOWN_PROXIES_WITHOUT_FOR", "true");
using var host = new HostBuilder()
.ConfigureWebHost(webHostBuilder =>
{
webHostBuilder
.UseTestServer()
.Configure(app =>
{
var options = new ForwardedHeadersOptions
{
ForwardedHeaders = forwardedHeaders
};
app.UseForwardedHeaders(options);
});
}).Build();

await host.StartAsync();

var server = host.GetTestServer();

var context = await server.SendAsync(c =>
{
c.Request.Headers["X-Forwarded-For"] = "11.111.111.11";
c.Request.Headers["X-Forwarded-Host"] = "testhost";
c.Request.Headers["X-Forwarded-Proto"] = "Protocol";
c.Request.Headers["X-Forwarded-Prefix"] = "/pathbase";
c.Connection.RemoteIpAddress = IPAddress.Parse("10.0.0.1");
c.Connection.RemotePort = 99;
});

if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedFor))
{
// X-Forwarded-For ignored since 10.0.0.1 isn't in KnownProxies
Assert.Equal("10.0.0.1", context.Connection.RemoteIpAddress.ToString());
}
if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedHost))
{
Assert.Equal("testhost", context.Request.Host.ToString());
}
if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedProto))
{
Assert.Equal("Protocol", context.Request.Scheme);
}
if (forwardedHeaders.HasFlag(ForwardedHeaders.XForwardedPrefix))
{
Assert.Equal("/pathbase", context.Request.PathBase);
}
return RemoteExecutor.SuccessExitCode;
}, forwardedHeaders.ToString()).Dispose();
}

[Fact]
public async Task PartiallyEnabledForwardsPartiallyChangesRequest()
{
Expand Down
Loading