Closed
Description
When an application sits behind an HTTP proxy terminating the TLS connection, the proxy sets X-Forwarded-* to tell the server about the original request: host, port, and protocol information.
Most servers (Tomcat, Undertow and Jetty) deal with that in their own codebase since it involves wrapping/changing the request information at a low level.
Could Reactor Netty support an HttpServerOption for enabling such a feature?
This should be disabled by default, as this could lead to attackers spoofing their peer address if there is no proxy in front of the application or if the proxy does not clean those incoming headers.