Allow Override Option to Trust X-Forwarded-For and X-Real-IP Headers

[maxxoverclocker 5]

Is there any possibility we could add an option that would allow Emby to trust X-Forwarded-For and X-Real-IP headers? Essentially reverting back to 4.7.11 behavior? Currently I'm stuck on 4.7.11 as I was hit by the recent Emby vulnerability and as a precaution, placed an nginx proxy server in front of Emby. All requests get proxied through nginx where headers are stripped and replaced (to not allow for the situation that allowed for Emby to be compromised in the first place). This is a pretty common setup for services that run in docker containers so you don't have to deal with configuring SSL for every service.

Any chance for this?

[Luke 42078]

HI, yes we can add more control over this, but why do you think you're stuck? Have you tried the newer version?

[maxxoverclocker 5]

2 hours ago, Luke said:

HI, yes we can add more control over this, but why do you think you're stuck? Have you tried the newer version?

Yes, I tried 4.7.12 and 4.7.13 and on both versions, all accounts require a password even if they are on local subnets because everything is proxied and Emby does not trust the headers inserted by nginx. That’s really the only reason I’m stuck.

[Luke 42078]

OK if you want to jump on the server beta channel we'll be adding options in upcoming updates. Thanks.