Skip to content

Commit

Permalink
[doc] Remove unsafe regex from code snippet
Browse files Browse the repository at this point in the history
  • Loading branch information
lpinca committed May 31, 2021
1 parent 7ee3115 commit 03a7078
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -395,7 +395,7 @@ the `X-Forwarded-For` header.

```js
wss.on('connection', function connection(ws, req) {
const ip = req.headers['x-forwarded-for'].split(/\s*,\s*/)[0];
const ip = req.headers['x-forwarded-for'].split(',')[0].trim();
});
```

Expand Down

1 comment on commit 03a7078

@netizen-ais
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Talking about security I would also mention that this header is under user's control

Please sign in to comment.