From: Yamagishi Kazutoshi <ykzts@desire.sh>
Date: Tue, 19 Apr 2022 07:11:58 +0000 (+0900)
Subject: Fix parsing `TRUSTED_PROXY_IP` (#18051)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=cd43b451231369ceb061e5b4cf7f8e93d93efa32;p=mastodon.git

Fix parsing `TRUSTED_PROXY_IP` (#18051)
---

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 8d82a46f6..69f80667e 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -42,7 +42,7 @@ Rails.application.configure do
   config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
 
   # Allow to specify public IP of reverse proxy if it's needed
-  config.action_dispatch.trusted_proxies = ENV['TRUSTED_PROXY_IP'].split.map { |item| IPAddr.new(item) } if ENV['TRUSTED_PROXY_IP'].present?
+  config.action_dispatch.trusted_proxies = ENV['TRUSTED_PROXY_IP'].split(/(?:\s*,\s*|\s+)/).map { |item| IPAddr.new(item) } if ENV['TRUSTED_PROXY_IP'].present?
 
   config.force_ssl = true
   config.ssl_options = {
diff --git a/streaming/index.js b/streaming/index.js
index 780c4015d..e68f85c17 100644
--- a/streaming/index.js
+++ b/streaming/index.js
@@ -146,7 +146,7 @@ const startWorker = async (workerId) => {
 
   const app = express();
 
-  app.set('trusted proxy', process.env.TRUSTED_PROXY_IP || 'loopback,uniquelocal');
+  app.set('trust proxy', process.env.TRUSTED_PROXY_IP ? process.env.TRUSTED_PROXY_IP.split(/(?:\s*,\s*|\s+)/) : 'loopback,uniquelocal');
 
   const pgPool = new pg.Pool(Object.assign(pgConfigs[env], dbUrlToConfig(process.env.DATABASE_URL)));
   const server = http.createServer(app);