@marcelosalloum marcelosalloum commented Jan 21, 2026

What

  • Compile TRUST_PROXY CIDR list with proxy-addr for safe proxy trust handling.
  • Log the effective trust proxy configuration.
  • Add @types/proxy-addr for TypeScript support.

Why

  • Ensure client IP resolution is correct behind trusted proxies.
  • Prevent spoofed forwarded headers from untrusted sources.

@marcelosalloum marcelosalloum marked this pull request as ready for review January 21, 2026 23:07
Copilot AI review requested due to automatic review settings January 21, 2026 23:07
socket-security bot commented Jan 21, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Added | @types/proxy-addr@2.0.3 | 100 | 100 | 69 | 79 | 100 |
| Added | @types/supertest@6.0.3 | 100 | 100 | 71 | 81 | 100 |

Copilot AI left a comment

Pull request overview

This pull request aims to improve proxy trust configuration by using the proxy-addr library to compile CIDR lists for safer client IP resolution behind proxies, preventing IP spoofing from untrusted sources.

Changes:

  • Added @types/proxy-addr type definitions to dependencies
  • Updated trust proxy configuration to parse comma-separated CIDR lists and compile them using proxy-addr.compile()
  • Enhanced logging to show the effective trust proxy configuration

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 5 comments.

| File | Description |
|---|---|
| package.json | Added @types/proxy-addr to dependencies for TypeScript support |
| package-lock.json | Updated lockfile with @types/proxy-addr and promoted @types/node and undici-types from dev to production dependencies |
| backend/routes.ts | Refactored trust proxy configuration to parse CIDR list and use proxy-addr.compile() for compilation |
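
The client IP resolution that the PR description and the overview above refer to, as an added example that is not code from this pull request or from proxy-addr: a TRUST_PROXY-style CIDR list is compiled into a predicate, and X-Forwarded-For is walked right to left until the first untrusted address. It is an IPv4-only simplification; compileTrust, clientIp and all addresses are hypothetical and constructed.

```typescript
// Added example: IPv4-only stand-in for the CIDR compile step (not the PR's code).
type Trust = (addr: string) => boolean;

// Dotted-quad IPv4 -> unsigned 32-bit number, or null if malformed.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.trim().split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Compile a comma-separated CIDR list (TRUST_PROXY format) into a predicate.
// Malformed entries throw, so a typo such as "10.0.0.0/" cannot widen trust.
function compileTrust(list: string): Trust {
  const entries = list.split(",").map((s) => s.trim()).filter((s) => s !== "");
  const ranges = entries.map((cidr) => {
    const slash = cidr.indexOf("/");
    const base = ipv4ToInt(slash < 0 ? cidr : cidr.slice(0, slash));
    const bitsText = slash < 0 ? "32" : cidr.slice(slash + 1);
    if (base === null || !/^\d{1,2}$/.test(bitsText) || Number(bitsText) > 32) {
      throw new Error("invalid TRUST_PROXY entry: " + cidr);
    }
    const size = Math.pow(2, 32 - Number(bitsText));
    const start = Math.floor(base / size) * size;
    return { start, end: start + size - 1 };
  });
  return (addr: string): boolean => {
    const n = ipv4ToInt(addr);
    return n !== null && ranges.some((r) => n >= r.start && n <= r.end);
  };
}

// Walk from the socket peer back through X-Forwarded-For, right to left.
// The first address that is not a trusted proxy is the client; anything it
// put in the header is ignored.
function clientIp(peer: string, xff: string | undefined, trust: Trust): string {
  const hops = (xff || "").split(",").map((s) => s.trim()).filter((s) => s !== "").reverse();
  let current = peer;
  for (const next of hops) {
    if (!trust(current)) break;
    current = next;
  }
  return current;
}
```

With 10.0.0.0/8 trusted, a direct connection from 203.0.113.7 that sends its own X-Forwarded-For still resolves to 203.0.113.7, because the header is only honoured when the sending peer is inside a trusted range.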

@stellar-jenkins

Something went wrong with PR preview build please check

@marcelosalloum marcelosalloum self-assigned this Jan 22, 2026
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Jan 22, 2026

@marcelosalloum marcelosalloum merged commit acdacc4 into master Jan 23, 2026
6 checks passed
@marcelosalloum marcelosalloum deleted the fix/trust-proxy branch January 23, 2026 18:37
@github-project-automation github-project-automation bot moved this from Backlog (Not Ready) to Done in DevX Jan 23, 2026