From 784f6c5eff1720c8af89be8d5ca3f7cfc2448a6a Mon Sep 17 00:00:00 2001
From: JPVenson <github@jpb.email>
Date: Fri, 28 Mar 2025 08:08:18 +0100
Subject: [PATCH] Fix trusting all sources for forward headers if none are
 configured

---
 Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index 597643ed19..20f307ca90 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -118,15 +118,15 @@ namespace Jellyfin.Server.Extensions
                     // https://github.com/dotnet/aspnetcore/blob/master/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs
                     // Enable debug logging on Microsoft.AspNetCore.HttpOverrides.ForwardedHeadersMiddleware to help investigate issues.
 
-                    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost;
-
                     if (config.KnownProxies.Length == 0)
                     {
+                        options.ForwardedHeaders = ForwardedHeaders.None;
                         options.KnownNetworks.Clear();
                         options.KnownProxies.Clear();
                     }
                     else
                     {
+                        options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost;
                         AddProxyAddresses(config, config.KnownProxies, options);
                     }