middleware.RealIP: also check True-Client-IP request header (#678)

go-chi · Nov 18, 2021 · 991ad53 · 991ad53
1 parent 66d6a4d
commit 991ad53
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/middleware/realip.go b/middleware/realip.go
@@ -8,12 +8,13 @@ import (
 	"strings"
 )
 
+var trueClientIP = http.CanonicalHeaderKey("True-Client-IP")
 var xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For")
 var xRealIP = http.CanonicalHeaderKey("X-Real-IP")
 
 // RealIP is a middleware that sets a http.Request's RemoteAddr to the results
-// of parsing either the X-Real-IP header or the X-Forwarded-For header (in that
-// order).
+// of parsing either the True-Client-IP, X-Real-IP or the X-Forwarded-For headers
+// (in that order).
 //
 // This middleware should be inserted fairly early in the middleware stack to
 // ensure that subsequent layers (e.g., request loggers) which examine the
@@ -40,7 +41,9 @@ func RealIP(h http.Handler) http.Handler {
 func realIP(r *http.Request) string {
 	var ip string
 
-	if xrip := r.Header.Get(xRealIP); xrip != "" {
+	if tcip := r.Header.Get(trueClientIP); tcip != "" {
+		ip = tcip
+	} else if xrip := r.Header.Get(xRealIP); xrip != "" {
 		ip = xrip
 	} else if xff := r.Header.Get(xForwardedFor); xff != "" {
 		i := strings.Index(xff, ", ")