Add IP_HEADER env var to override client IP source#20
Merged
Conversation
Allows customers behind an upstream proxy (eg. zScaler, Imperva) to point the worker at a different header (typically x-forwarded-for) so the real client IP, rather than the proxy egress IP, is sent to the CrowdHandler API. For multi-value headers the left-most entry is used. Falls back to cf-connecting-ip if the configured header is missing/empty or anything throws, so existing deployments are unaffected. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adds an environment-variable-controlled override for how the worker determines the client IP address, enabling deployments behind upstream proxies to forward the intended client IP to the CrowdHandler API while preserving the existing cf-connecting-ip behavior as a fallback.
Changes:
- Introduces
IP_HEADERenv var support to optionally read the client IP from a specified request header (with left-most parsing for comma-separated values). - Adds defensive fallback behavior to default back to
cf-connecting-ipon missing/empty overrides or runtime errors. - Regenerates built artifacts in
dist/to reflect the updated worker logic.
Reviewed changes
Copilot reviewed 1 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| index.js | Adds IP_HEADER-based IP resolution with fallback to cf-connecting-ip. |
| dist/index.js | Updates compiled worker output to include the new IP resolution logic. |
| dist/index.js.map | Updates source map to match the rebuilt output. |
| dist/README.md | Updates build timestamp for the regenerated dist/ artifacts. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+147
to
+155
| if (env.IP_HEADER) { | ||
| const overrideValue = requestHeaders[env.IP_HEADER.toLowerCase()] | ||
| if (overrideValue) { | ||
| const parsed = overrideValue.split(',')[0].trim() | ||
| if (parsed) { | ||
| IPAddress = parsed | ||
| } | ||
| } | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Allows customers behind an upstream proxy (eg. zScaler, Imperva) to point the worker at a different header (typically x-forwarded-for) so the real client IP, rather than the proxy egress IP, is sent to the CrowdHandler API. For multi-value headers the left-most entry is used. Falls back to cf-connecting-ip if the configured header is missing/empty or anything throws, so existing deployments are unaffected.