From 2df3f1f28c6e56ef0333bf91e86ad5d60f8396d9 Mon Sep 17 00:00:00 2001
From: Joachim Van Herwegen <joachimvh@gmail.com>
Date: Mon, 26 Jul 2021 13:59:09 +0200
Subject: [PATCH] fix: Trust X-Forwarded headers in the IDP

---
 src/identity/configuration/IdentityProviderFactory.ts        | 5 ++++-
 .../identity/configuration/IdentityProviderFactory.test.ts   | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/identity/configuration/IdentityProviderFactory.ts b/src/identity/configuration/IdentityProviderFactory.ts
index 10ca55b6a..0f972df5f 100644
--- a/src/identity/configuration/IdentityProviderFactory.ts
+++ b/src/identity/configuration/IdentityProviderFactory.ts
@@ -101,7 +101,10 @@ export class IdentityProviderFactory implements ProviderFactory {
     // Render errors with our own error handler
     this.configureErrors(config);
 
-    return new Provider(this.baseUrl, config);
+    // Allow provider to interpret reverse proxy headers
+    const provider = new Provider(this.baseUrl, config);
+    provider.proxy = true;
+    return provider;
   }
 
   /**
diff --git a/test/unit/identity/configuration/IdentityProviderFactory.test.ts b/test/unit/identity/configuration/IdentityProviderFactory.test.ts
index 91c5ee733..e523201af 100644
--- a/test/unit/identity/configuration/IdentityProviderFactory.test.ts
+++ b/test/unit/identity/configuration/IdentityProviderFactory.test.ts
@@ -79,7 +79,9 @@ describe('An IdentityProviderFactory', (): void => {
 
   it('creates a correct configuration.', async(): Promise<void> => {
     // This is the output of our mock function
-    const { issuer, config } = await factory.getProvider() as unknown as { issuer: string; config: Configuration };
+    const provider = await factory.getProvider() as any;
+    expect(provider.proxy).toBe(true);
+    const { issuer, config } = provider as { issuer: string; config: Configuration };
     expect(issuer).toBe(baseUrl);
 
     // Copies the base config