From e50cfbe2d08007b1bdee00ce51105284ab4624ce Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Fri, 24 Jan 2025 13:25:32 -0800 Subject: [PATCH] Remove the forwarded and x-forwarded-host headers (#5409) We are already setting the Host header properly in the request to the rails app Prevents malicious redirects & their being cached Signed-off-by: Samuel Giddins
---
config/deploy/nginx-configmap.yaml.erb | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/config/deploy/nginx-configmap.yaml.erb b/config/deploy/nginx-configmap.yaml.erb
index 308835c7a0d..5a38abfb62e 100644
--- a/config/deploy/nginx-configmap.yaml.erb
+++ b/config/deploy/nginx-configmap.yaml.erb
@@ -78,6 +78,8 @@ data:
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme_from_fastly;
+ proxy_set_header Forwarded "";
+ proxy_set_header X-Forwarded-Host "";
 proxy_set_header Client-IP "";
 proxy_set_header Host $host;
 proxy_redirect off;
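Review bot: `X-Forwarded-Port`, `X-Forwarded-Scheme` and `X-Forwarded-Ssl` are still passed to the Rails app exactly as the client sent them, unless they are cleared somewhere outside this hunk, and a Rack-based app may consult them when it builds redirect URLs. If the intent is that generated URLs only ever reflect `$host` and `$scheme_from_fastly`, consider blanking them next to the two new lines, e.g. `proxy_set_header X-Forwarded-Port "";`. nginx inherits `proxy_set_header` from an outer level only when the current level defines none, so any other `location` or `server` block in this configmap that has its own `proxy_set_header` lines needs the same entries; the enclosing block starts and ends outside the hunk, so this cannot be confirmed from here. A short comment above the added lines, such as `# empty value: header is not passed upstream, so clients cannot override Host for redirects/caching`, would keep them from being removed later as dead config.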