Backwards compatibility for Proxy trust config

2026-02-22 18:03:38 +08:00
parent fb32ca0a7d
commit 9c2809c195
3 changed files with 13 additions and 3 deletions
--- a/app/init.py
+++ b/app/init.py
@@ -3,6 +3,7 @@ from __future__ import annotations
 import html as html_module
 import logging
 import mimetypes
+import os
 import shutil
 import sys
 import time
@@ -93,8 +94,13 @@ def create_app(
        app.config.setdefault("WTF_CSRF_ENABLED", False)

    # Trust X-Forwarded-* headers from proxies
-    num_proxies = app.config.get("NUM_TRUSTED_PROXIES", 0)
+    num_proxies = app.config.get("NUM_TRUSTED_PROXIES", 1)
    if num_proxies:
+        if "NUM_TRUSTED_PROXIES" not in os.environ:
+            logging.getLogger(__name__).warning(
+                "NUM_TRUSTED_PROXIES not set, defaulting to 1. "
+                "Set NUM_TRUSTED_PROXIES=0 if not behind a reverse proxy."
+            )
        app.wsgi_app = ProxyFix(app.wsgi_app, x_for=num_proxies, x_proto=num_proxies, x_host=num_proxies, x_prefix=num_proxies)

    # Enable gzip compression for responses (10-20x smaller JSON payloads)
--- a/app/config.py
+++ b/app/config.py
@@ -314,7 +314,7 @@ class AppConfig:
        site_region = str(_get("SITE_REGION", "us-east-1"))
        site_priority = int(_get("SITE_PRIORITY", 100))
        ratelimit_admin = _validate_rate_limit(str(_get("RATE_LIMIT_ADMIN", "60 per minute")))
-        num_trusted_proxies = int(_get("NUM_TRUSTED_PROXIES", 0))
+        num_trusted_proxies = int(_get("NUM_TRUSTED_PROXIES", 1))
        allowed_redirect_hosts_raw = _get("ALLOWED_REDIRECT_HOSTS", "")
        allowed_redirect_hosts = [h.strip() for h in str(allowed_redirect_hosts_raw).split(",") if h.strip()]
        allow_internal_endpoints = str(_get("ALLOW_INTERNAL_ENDPOINTS", "0")).lower() in {"1", "true", "yes", "on"}
--- a/app/s3_api.py
+++ b/app/s3_api.py
@@ -2481,7 +2481,11 @@ def _post_object(bucket_name: str) -> Response:
    if success_action_redirect:
        allowed_hosts = current_app.config.get("ALLOWED_REDIRECT_HOSTS", [])
        if not allowed_hosts:
-            return _error_response("InvalidArgument", "Redirect not allowed: ALLOWED_REDIRECT_HOSTS not configured", 400)
+            current_app.logger.warning(
+                "ALLOWED_REDIRECT_HOSTS not configured, falling back to request Host header. "
+                "Set ALLOWED_REDIRECT_HOSTS for production deployments."
+            )
+            allowed_hosts = [request.host]
        parsed = urlparse(success_action_redirect)
        if parsed.scheme not in ("http", "https"):
            return _error_response("InvalidArgument", "Redirect URL must use http or https", 400)