From ecb4482a1b44cc61cdf70d2a5b81cf321aafe2ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Szak=C3=A1ts=20Alp=C3=A1r=20Zsolt?= <szakatsa@gmail.com>
Date: Wed, 15 Oct 2025 19:48:58 +0200
Subject: [PATCH] Configures forwarded headers options

Configures the forwarded headers options to accept all forwarded headers,
clears the default known networks and proxies, and adds a new known IP network
to allow any IP address. This is necessary to handle requests from proxies
and load balancers correctly.
---
 Source/ProofOfConcept/Program.cs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Source/ProofOfConcept/Program.cs b/Source/ProofOfConcept/Program.cs
index bc01ccb..80efd6a 100644
--- a/Source/ProofOfConcept/Program.cs
+++ b/Source/ProofOfConcept/Program.cs
@@ -1,3 +1,4 @@
+using System.Net;
 using System.Text;
 using System.Text.Json;
 using Microsoft.AspNetCore.Authentication;
@@ -13,6 +14,7 @@ using ProofOfConcept.Models;
 using ProofOfConcept.Services;
 using ProofOfConcept.Utilities;
 using SzakatsA.Result;
+using IPNetwork = System.Net.IPNetwork;
 
 Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
 
@@ -150,8 +152,9 @@ builder.Services.AddHostedService<MQTTClient>();
 WebApplication app = builder.Build();
 
 ForwardedHeadersOptions forwardedHeadersOptions = new ForwardedHeadersOptions() { ForwardedHeaders = ForwardedHeaders.All };
-forwardedHeadersOptions.KnownNetworks.Clear();
+forwardedHeadersOptions.KnownIPNetworks.Clear();
 forwardedHeadersOptions.KnownProxies.Clear();
+forwardedHeadersOptions.KnownIPNetworks.Add(new IPNetwork(IPAddress.Any, 0));
 forwardedHeadersOptions.ForwardLimit = null;            // allow entire header chain, even if single hop
 forwardedHeadersOptions.RequireHeaderSymmetry = false;  // don’t bail if headers aren’t “perfectly” paired