fix: The client IP address may be determined incorrectly in some cases; this fixes a security vulnerability in which the Parse Server option masterKeyIps may be circumvented, see [GHSA-vm5r-c87r-pf6x](https://github.com/parse-community/parse-server/security/advisories/GHSA-vm5r-c87r-pf6x) (#8372)

BREAKING CHANGE: The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting (#8372)
Manuel
2023-01-05 14:26:54 +01:00
committed by GitHub
parent b7815ed80a
commit 892040dc2f
7 changed files with 19 additions and 125 deletions

@@ -343,6 +343,9 @@ class ParseServer {
options
);
}
if (options.trustProxy) {
app.set('trust proxy', options.trustProxy);
}
/* istanbul ignore next */
if (!process.env.TESTING) {
configureListeners(this);
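
Review bot: The `if (options.trustProxy)` guard passes whatever value is configured straight into `app.set('trust proxy', options.trustProxy)` with no validation and no comment on which values are safe. Going by the commit message, this setting now decides which address is treated as the client IP for `masterKeyIps`, so I would document next to the option that `true` makes Express take the left-most `X-Forwarded-For` entry, which the client supplies, and that a hop count or the proxy's own address or subnet is the safer setting. I would also suggest checking the type at config load (boolean, number, string or array, function), so that a mistyped value fails at startup rather than silently changing the detected IP.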