feat(@angular/ssr): support the standard Forwarded header by alan-agius4 · Pull Request #33406 · angular/angular-cli
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
This commit adds support for the standard RFC 7239 `Forwarded` header in the Angular SSR request parsing and validation layers. Previously, only non-standard `x-forwarded-*` headers were supported for resolving proxy-forwarded protocols, hosts, and ports. With this change: - A new `parseForwardedHeader` utility is added to parse standard `Forwarded` header parameters (such as `host` and `proto`), correctly handling quoted values and escaped characters. - In `createRequestUrl`, if the `Forwarded` header is trusted (via `trustProxyHeaders` configuration), its `host` and `proto` parameters are extracted and take precedence over corresponding `x-forwarded-host` and `x-forwarded-proto` headers. - Request validation is updated to verify the validity of `Forwarded` host and proto parameters. - Request sanitization is updated to scrub or retain the `Forwarded` header based on the configured trusted proxy headers. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Forwarded
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters