Skip to content

[release/8.0] Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware. #62688

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 14, 2025
Merged

[release/8.0] Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware. #62688

merged 2 commits into from
Jul 14, 2025

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Jul 11, 2025
edited by BrennanConroy
Loading

Backport of #62687 to release/8.0

/cc @BrennanConroy

Add AppContext switch in patch release to opt-out of breaking behavior change in ForwardedHeaders middleware.

Description

We previously fixed a bug where KnownProxies and KnownNetworks weren't being applied in common cases. We didn't realize at the time this would break many customers apps.

The workaround is to configure KnownProxies and KnownNetworks, which is intended, and our docs do state that users should configure these. But due to the bug we recently fixed, users didn't need to configure those options for the app to work.

We're adding an app context switch to opt-out of the breaking change and go back to the previous behavior. This gives users the option to update their app code at a more convenient time, e.g. when 10.0 releases.

Customer Impact

Customers have noticed that updating to the latest patch breaks scenarios like Https redirection and auth flows due to the X-Forwarded-Proto header not being applied anymore.

Regression?

  • Yes
  • No

2.3.4, 8.0.17, 9.0.6
Change was made on purpose to harden security, but didn't realize it would cause a regression.

Risk

  • High
  • Medium
  • Low

Just adding an app context switch. Test coverage added for the switch as well.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

@github-actions github-actions bot requested a review from BrennanConroy as a code owner July 11, 2025 22:05
@dotnet-policy-service dotnet-policy-service bot added this to the 8.0.x milestone Jul 11, 2025
@BrennanConroy BrennanConroy added the Servicing-consider Shiproom approval is required for the issue label Jul 11, 2025
@artl93 artl93 added Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels Jul 14, 2025
@BrennanConroy BrennanConroy requested a review from wtgodbe July 14, 2025 20:29
@wtgodbe wtgodbe merged commit 185a3b6 into release/8.0 Jul 14, 2025
21 of 25 checks passed
@wtgodbe wtgodbe deleted the backport/pr-62687-to-release/8.0 branch July 14, 2025 23:11
@dotnet-policy-service dotnet-policy-service bot removed this from the 8.0.x milestone Jul 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wtgodbe wtgodbe wtgodbe approved these changes

@BrennanConroy BrennanConroy Awaiting requested review from BrennanConroy BrennanConroy is a code owner

Assignees
No one assigned
Labels
Servicing-approved Shiproom has approved the issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wtgodbe @BrennanConroy @artl93
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy