You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Function getIPAddrList contains the following comment:
// Possible performance improvements:// Here we are parsing _all_ of the IPs in the XFF headers, but we don't need all of// them. Instead, we could start from the left or the right (depending on strategy),// parse as we go, and stop when we've come to the one we want. But that would make// the various strategies somewhat more complex.
Indeed. At the moment, because that function splits the values of the XFO fields on commas, adversaries could send a maliciously long XFO header full of commas in order to cause many allocations; see rs/cors#170.
If the various strategies were modified to rely on Go 1.23's iterators (one for each direction), performance could be improved.
The text was updated successfully, but these errors were encountered:
Function
getIPAddrListcontains the following comment:Indeed. At the moment, because that function splits the values of the XFO fields on commas, adversaries could send a maliciously long XFO header full of commas in order to cause many allocations; see rs/cors#170.
If the various strategies were modified to rely on Go 1.23's iterators (one for each direction), performance could be improved.
The text was updated successfully, but these errors were encountered: