Skip to content

Trim whitespace in forwarded host parsing#7291

Open
raashish1601 wants to merge 1 commit into
expressjs:masterfrom
raashish1601:spark/fix-forwarded-host-trim
Open

Trim whitespace in forwarded host parsing#7291
raashish1601 wants to merge 1 commit into
expressjs:masterfrom
raashish1601:spark/fix-forwarded-host-trim

Conversation

@raashish1601
Copy link
Copy Markdown

@raashish1601 raashish1601 commented May 30, 2026

Summary

Fix req.host to consistently trim whitespace from X-Forwarded-Host when trust proxy is enabled.

Changes

  • lib/request.js: trim X-Forwarded-Host in both comma-separated and single-value cases.
  • test/req.host.js: add regression test for spaced host header.

Validation

  • npm test -- test/req.host.js
  • npx mocha --require test/support/env test/req.host.js

Ap-0007
Ap-0007 reviewed Jun 7, 2026
View reviewed changes
Copy link
Copy Markdown

@Ap-0007 Ap-0007 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks solid! Changing trimRight() to trim() in the comma-separated case ensures we handle leading whitespace from poorly formatted headers, and falling back to trim() for the single value case provides excellent robustness. The added regression tests look very clear as well. Great work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Ap-0007 Ap-0007 Ap-0007 left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@raashish1601 @Ap-0007