From 3fa5dfc87340ffec34d830a4e906f399845e33d6 Mon Sep 17 00:00:00 2001
From: Chongyi Zheng <harry@harryzheng.com>
Date: Tue, 12 Jul 2022 22:59:23 -0400
Subject: [PATCH] Use x-forwarded-host only when trustProxy is true

---
 server/server.js             | 14 +++++++++++---
 server/uptime-kuma-server.js |  2 --
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/server/server.js b/server/server.js
index 2d3f37eeb..0c08da078 100644
--- a/server/server.js
+++ b/server/server.js
@@ -164,12 +164,20 @@ let needSetup = false;
 
     // Entry Page
     app.get("/", async (request, response) => {
-        log.debug("entry", `Request Domain: ${request.hostname}`);
+        let hostname = request.hostname;
+        if (await setting("trustProxy")) {
+            const proxy = request.headers["x-forwarded-host"];
+            if (proxy) {
+                hostname = proxy;
+            }
+        }
 
-        if (request.hostname in StatusPage.domainMappingList) {
+        log.debug("entry", `Request Domain: ${hostname}`);
+
+        if (hostname in StatusPage.domainMappingList) {
             log.debug("entry", "This is a status page domain");
 
-            let slug = StatusPage.domainMappingList[request.hostname];
+            let slug = StatusPage.domainMappingList[hostname];
             await StatusPage.handleStatusPageResponse(response, server.indexHTML, slug);
 
         } else if (exports.entryPage && exports.entryPage.startsWith("statusPage-")) {
diff --git a/server/uptime-kuma-server.js b/server/uptime-kuma-server.js
index 991c7ba26..34031b237 100644
--- a/server/uptime-kuma-server.js
+++ b/server/uptime-kuma-server.js
@@ -49,8 +49,6 @@ class UptimeKumaServer {
 
         log.info("server", "Creating express and socket.io instance");
         this.app = express();
-        this.app.enable("trust proxy");
-
         if (sslKey && sslCert) {
             log.info("server", "Server Type: HTTPS");
             this.httpServer = https.createServer({