diff --git a/internal/api/server.go b/internal/api/server.go
index c8e92c8e..05bcd1cf 100644
--- a/internal/api/server.go
+++ b/internal/api/server.go
@@ -217,9 +217,6 @@ func NewServer(cfg *config.Config, authManager *auth.Manager, accessManager *sdk
 
 // Create gin engine
 engine := gin.New()
- if errSetTrustedProxies := engine.SetTrustedProxies(nil); errSetTrustedProxies != nil {
- log.Warnf("failed to disable trusted proxy headers: %v", errSetTrustedProxies)
- }
 if optionState.engineConfigurator != nil {
 optionState.engineConfigurator(engine)
 }
diff --git a/internal/api/server_test.go b/internal/api/server_test.go
index 8f59752d..c853a711 100644
--- a/internal/api/server_test.go
+++ b/internal/api/server_test.go
@@ -6,7 +6,6 @@ import (
 "net/http/httptest"
 "os"
 "path/filepath"
- "strings"
 "testing"
 "time"
 
@@ -21,10 +20,6 @@ import (
 )
 
 func newTestServer(t *testing.T) *Server {
- return newTestServerWithOptions(t)
- }
-
- func newTestServerWithOptions(t *testing.T, opts ...ServerOption) *Server {
 t.Helper()
 gin.SetMode(gin.TestMode)
 
@@ -50,7 +45,7 @@ func newTestServerWithOptions(t *testing.T, opts ...ServerOption) *Server {
 
 accessManager := sdkaccess.NewManager()
 configPath := filepath.Join(tmpDir, "config.yaml")
- return NewServer(cfg, authManager, accessManager, configPath, opts...)
+ return NewServer(cfg, authManager, accessManager, configPath)
 }
 
 func TestHealthz(t *testing.T) {
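Review bot: With `engine.SetTrustedProxies(nil)` gone from NewServer, gin falls back to its default of trusting every upstream, so `c.ClientIP()` will take the address from an `X-Forwarded-For` header sent by any peer, and any remaining check that grants or denies management access based on the client being loopback (the `remote management disabled` path that the test deleted in server_test.go's last hunk used to cover) becomes satisfiable from a remote address by supplying that header. If this is a deliberate revert of the whole local-password feature and nothing else keys on ClientIP, dropping the line is harmless, but that is not visible from the hunk and NewServer's body continues outside it. I would keep `if err := engine.SetTrustedProxies(nil); err != nil { log.Warnf("failed to disable trusted proxy headers: %v", err) }`, or populate the trusted list from config when the service is meant to sit behind a known reverse proxy, and retain a regression test for the spoofed-header case.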
@@ -152,26 +147,6 @@ func TestManagementUsageRequiresManagementAuthAndPopsArray(t *testing.T) {
 }
 }
 
-func TestManagementLocalPasswordRejectsSpoofedForwardedFor(t *testing.T) {
- t.Setenv("MANAGEMENT_PASSWORD", "")
-
- server := newTestServerWithOptions(t, WithLocalManagementPassword("test-local-key"))
-
- req := httptest.NewRequest(http.MethodGet, "/v0/management/config", nil)
- req.RemoteAddr = "203.0.113.10:45678"
- req.Header.Set("X-Forwarded-For", "127.0.0.1")
- req.Header.Set("Authorization", "Bearer test-local-key")
-
- rr := httptest.NewRecorder()
- server.engine.ServeHTTP(rr, req)
- if rr.Code != http.StatusForbidden {
- t.Fatalf("status = %d, want %d body=%s", rr.Code, http.StatusForbidden, rr.Body.String())
- }
- if body := rr.Body.String(); !strings.Contains(body, "remote management disabled") {
- t.Fatalf("body = %q, want remote management disabled", body)
- }
-}
-
 func TestHomeEnabledHidesManagementEndpointsAndControlPanel(t *testing.T) {
 t.Setenv("MANAGEMENT_PASSWORD", "test-management-key")