From e68d3e069f4cc6e82d1be909351331a19ca7c9bf Mon Sep 17 00:00:00 2001 From: Ash Davies <3853061+DrizzlyOwl@users.noreply.github.com> Date: Fri, 5 Jul 2024 15:05:41 +0100 Subject: [PATCH] Forward all proxied headers (#531) --- TramsDataApi/Startup.cs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/TramsDataApi/Startup.cs b/TramsDataApi/Startup.cs index 88957b58..460d1bc2 100644 --- a/TramsDataApi/Startup.cs +++ b/TramsDataApi/Startup.cs @@ -1,5 +1,6 @@ using System.Text.Json.Serialization; using Dfe.Academisation.CorrelationIdMiddleware; +using Microsoft.AspNetCore.HttpOverrides; namespace TramsDataApi { @@ -122,6 +123,15 @@ public void ConfigureServices(IServiceCollection services) // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IApiVersionDescriptionProvider provider) { + // Ensure we do not lose X-Forwarded-* Headers when behind a Proxy + var forwardOptions = new ForwardedHeadersOptions { + ForwardedHeaders = ForwardedHeaders.All, + RequireHeaderSymmetry = false + }; + forwardOptions.KnownNetworks.Clear(); + forwardOptions.KnownProxies.Clear(); + app.UseForwardedHeaders(forwardOptions); + app.UseSecurityHeaders(options => { options.AddFrameOptionsDeny()