fix: correctly get x-forwarded-for for browser info in events (#9149)

# Which Problems Are Solved Events like "password check succeeded" store some information about the caller including their IP. The `X-Forwarded-For` was not correctly logged, but instead the RemoteAddress. # How the Problems Are Solved - Correctly get the `X-Forwarded-For` in canonical form. # Additional Changes None # Additional Context closes [#9106](https://github.com/zitadel/zitadel/issues/9106) (cherry picked from commit c966446f80)
2025-08-11 21:27:42 +00:00 · 2025-01-08 10:30:12 +01:00
parent 5f7dd9aa3d
commit 0c0babf010
1 changed files with 2 additions and 8 deletions
--- a/internal/api/http/header.go
+++ b/internal/api/http/header.go
@@ -108,14 +108,8 @@ func GetOrgID(r *http.Request) string {
 }

 func GetForwardedFor(headers http.Header) (string, bool) {
-	forwarded, ok := headers[ForwardedFor]
-	if ok {
-		ip := strings.TrimSpace(strings.Split(forwarded[0], ",")[0])
-		if ip != "" {
-			return ip, true
-		}
-	}
-	return "", false
+	forwarded := strings.Split(headers.Get(ForwardedFor), ",")[0]
+	return forwarded, forwarded != ""
 }

 func RemoteAddrFromCtx(ctx context.Context) string {