remove spoof-able request header (#7103)

* remove spoof-able request header https://github.com/seaweedfs/seaweedfs/issues/7094#issuecomment-3158320497 * Update weed/security/guard.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-08-06 10:08:30 -07:00
parent 0703308270
commit e446234e9c
2 changed files with 2 additions and 34 deletions
--- a/weed/server/master_server.go
+++ b/weed/server/master_server.go
@@ -257,12 +257,6 @@ func (ms *MasterServer) proxyToLeader(f http.HandlerFunc) http.HandlerFunc {
 		// proxy to leader
 		glog.V(4).Infoln("proxying to leader", raftServerLeader)
 		proxy := httputil.NewSingleHostReverseProxy(targetUrl)
-		director := proxy.Director
-		proxy.Director = func(req *http.Request) {
-			actualHost := security.GetActualRemoteHost(req)
-			req.Header.Set("HTTP_X_FORWARDED_FOR", actualHost)
-			director(req)
-		}
 		proxy.Transport = util_http.GetGlobalHttpClient().GetClientTransport()
 		proxy.ServeHTTP(w, r)
 	}