Ensure the remote Ip address is correct behind RP for Security middleware.

2025-05-10 11:49:56 -05:00 · 2025-05-10 11:49:56 -05:00 · 7a2227d64a
commit 7a2227d64a
parent c7d8c78c10
1 changed files with 2 additions and 1 deletions
--- a/API/Middleware/SecurityMiddleware.cs
+++ b/API/Middleware/SecurityMiddleware.cs
@ -1,5 +1,6 @@
 using System;
 using System.IO;
+using System.Linq;
 using System.Net;
 using System.Text.Json;
 using System.Threading.Tasks;
@ -26,7 +27,7 @@ public class SecurityEventMiddleware(RequestDelegate next)
        }
        catch (KavitaUnauthenticatedUserException ex)
        {
-            var ipAddress = context.Connection.RemoteIpAddress?.ToString();
+            var ipAddress = context.Request.Headers["X-Forwarded-For"].FirstOrDefault() ?? context.Connection.RemoteIpAddress?.ToString());
            var requestMethod = context.Request.Method;
            var requestPath = context.Request.Path;
            var userAgent = context.Request.Headers.UserAgent;