From fdacff0d93d54e8065ac7f5072041146f054a201 Mon Sep 17 00:00:00 2001
From: Oleksandr Savchenko <savchenko.oleksandr.ua+github@gmail.com>
Date: Thu, 20 May 2021 17:51:15 +0300
Subject: [PATCH] Split XFF header only by comma

---
 context.go      | 4 ++--
 context_test.go | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/context.go b/context.go
index 0cee48ce0..fad8bf7be 100644
--- a/context.go
+++ b/context.go
@@ -276,9 +276,9 @@ func (c *context) RealIP() string {
 	}
 	// Fall back to legacy behavior
 	if ip := c.request.Header.Get(HeaderXForwardedFor); ip != "" {
-		i := strings.IndexAny(ip, ", ")
+		i := strings.IndexAny(ip, ",")
 		if i > 0 {
-			return ip[:i]
+			return strings.TrimSpace(ip[:i])
 		}
 		return ip
 	}
diff --git a/context_test.go b/context_test.go
index 2c61ffb3a..a8b9a9946 100644
--- a/context_test.go
+++ b/context_test.go
@@ -888,6 +888,14 @@ func TestContext_RealIP(t *testing.T) {
 			},
 			"127.0.0.1",
 		},
+		{
+			&context{
+				request: &http.Request{
+					Header: http.Header{HeaderXForwardedFor: []string{"127.0.0.1,127.0.1.1"}},
+				},
+			},
+			"127.0.0.1",
+		},
 		{
 			&context{
 				request: &http.Request{