Skip to content

[release/8.0] Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware. #62688

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: release/8.0
Choose a base branch
from
Open

[release/8.0] Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware. #62688

wants to merge 2 commits into from

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Jul 11, 2025
edited by BrennanConroy
Loading

Backport of #62687 to release/8.0

/cc @BrennanConroy

Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware.

Description

We previously fixed a bug where KnownProxies and KnownNetworks weren't being applied in common cases. We didn't realize at the time this would break many customers apps.

The workaround is to configure KnownProxies and KnownNetworks, which is intended, and our docs do state that users should configure these. But due to the bug we recently fixed, users didn't need to configure those options for the app to work.

We're adding an app context switch to opt-out of the breaking change and go back to the previous behavior. This gives users the option to update their app code at a more convenient time, e.g. when 10.0 releases.

Customer Impact

Customers have noticed that updating to the latest patch breaks scenarios like Https redirection and auth flows due to the X-Forwarded-Proto header not being applied anymore.

Regression?

  • Yes
  • No

2.3.4, 8.0.17, 9.0.6
Change was made on purpose to harden security, but didn't realize it would cause a regression.

Risk

  • High
  • Medium
  • Low

Just adding an app context switch. Test coverage added for the switch as well.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@github-actions github-actions bot requested a review from BrennanConroy as a code owner July 11, 2025 22:05
@dotnet-policy-service dotnet-policy-service bot added this to the 8.0.x milestone Jul 11, 2025
@BrennanConroy BrennanConroy added the Servicing-consider Shiproom approval is required for the issue label Jul 11, 2025
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Hi @@github-actions[bot]. Please make sure you've updated the PR description to use the Shiproom Template. Also, make sure this PR is not marked as a draft and is ready-to-merge.

To learn more about how to prepare a servicing PR click here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BrennanConroy BrennanConroy Awaiting requested review from BrennanConroy BrennanConroy is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Servicing-consider Shiproom approval is required for the issue
Projects
None yet
Milestone
8.0.x
Development

Successfully merging this pull request may close these issues.
1 participant
@BrennanConroy