browser-sync: Proxy mode missing critical headers

Given:

When running in proxy mode, we need the following headers in order for the application to work properly:

  • X-Forwarded-For: The IP address of the client (because the incoming request is coming from the proxy, which masks the client’s real IP address)
  • X-Forwarded-Host: The host requested by the client (i.e. the proxy address, not the existing server’s address)
  • Host: The existing server’s address (right now it is the proxy server’s address, which is wrong). In https://github.com/BrowserSync/browser-sync/pull/120#issuecomment-39418996 you confirmed the behavior I am asking for, but the implementation does not match what you said it should be.

The first header is needed for security reasons (ability to detect local vs remote clients). The second header is needed for redirecting clients (e.g. redirect the user to the login page).

About this issue

  • State: closed
  • Created 9 years ago
  • Comments: 15 (5 by maintainers)

Most upvoted comments

If you want to pass the Host header to the backend unchanged, use the following config:

  proxy: {
    target: "...",
    proxyOptions: {
      changeOrigin: false
    }
  },

By default, browser-sync passes changeOrigin: true to node-http-proxy, and this will change the Host header.

Version 2.7.0 allows any of the node-http-proxy options to be passed through, so in your case, xfwd is the one you want.

var bs = require('browser-sync').create();

bs.init({
    proxy: {
        target: "www.bbc.co.uk",
        proxyOptions: {
            xfwd: true
        }
    }
});

There is no proxy.proxyOptions description in the API Documentation.

@cowwoc sorry it’s not documented yet, but it’s just the foxy config object https://github.com/shakyShane/foxy/blob/master/lib/server.js#L16-L21

You could log it out for now to see what you have access to.

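var browserSync = require("browser-sync");

browserSync({
    files: ["app/css/*.css"],
    proxy: {
        target: "localhost:8000",
        // Called with the proxy config object; returns the headers sent to the target.
        reqHeaders: function (config) {
            console.log(config); // inspect what the config object exposes
            return {
                "host":            config.urlObj.host,
                "accept-encoding": "identity",
                "agent":           false
            };
        }
    }
});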