Feature #23385
closed
_inspect/requests endpoint should include X-Forwarded-For header value
Description
Typically, RemoteAddr points to Nginx, but the downstream client's address is what we want to know.
Update example at https://doc.arvados.org/main/admin/inspect.html.
Updated by Tom Clegg 2 months ago
- Target version changed from Future to Development 2026-01-21
- Assigned To set to Tom Clegg
- Status changed from New to In Progress
23385-inspect-xff @ 112cda90da92490aad0e5bd8c331dc51d557f449 -- developer-run-tests: #5008
Updated by Brett Smith 2 months ago
Tom Clegg wrote in #note-1:
23385-inspect-xff @ 112cda90da92490aad0e5bd8c331dc51d557f449 -- developer-run-tests: #5008
One doc thing that is small but feels outsized: I understand why it's written this way, but to me "Assuming well-behaved proxies and client" reads awkwardly because of the number disagreement.
My feeling is that instead of trying to summarize the header ourselves, we'd be better off just referring readers to the MDN docs or similar. This header is pretty messy and a link would let the reader get as deep into the weeds as they care to. What do you think about that approach?
Updated by Tom Clegg 2 months ago
Yes, suits me.
23385-inspect-xff @ eeb4f054fe6ade336762eab9b04adce0e6774115
Updated by Brett Smith 2 months ago
Tom Clegg wrote in #note-4:
23385-inspect-xff @ eeb4f054fe6ade336762eab9b04adce0e6774115
LGTM, thanks.
Updated by Tom Clegg 2 months ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|a39eada7be5a130b2df5e37e71bc1ad0e73640a6.