Skip to content

Fix Host header forwarding to support reverse proxy usage#11

Merged
bulletmark merged 1 commit into
masterfrom
bulletmark/fix-host-header-forwarding
Jun 2, 2026
Merged

Fix Host header forwarding to support reverse proxy usage#11
bulletmark merged 1 commit into
masterfrom
bulletmark/fix-host-header-forwarding

Conversation

@bulletmark

Copy link
Copy Markdown
Owner

When corsproxy is deployed behind a reverse proxy (like Traefik), the incoming request's Host header points to the proxy's hostname rather than the target server's hostname. Previously, corsproxy would forward this Host header unchanged, causing many target servers to respond with 404 errors because they didn't recognize the proxy's hostname in their virtual host configuration.

This PR modifies the request forwarding logic to filter out the Host header before sending requests to the target server. This allows aiohttp to automatically set the correct Host header based on the target URL, ensuring that target servers receive the hostname they expect.

Changes

  • Modified the get() function in corsproxy to filter out the Host header (case-insensitively) from forwarded requests
  • The change is minimal and surgical - a single line modification that preserves all other header forwarding behavior

Benefits

  • Fixes 404 errors when corsproxy is used behind reverse proxies
  • Users no longer need to manually configure Host header overrides in their reverse proxy setup
  • Maintains backward compatibility with existing deployments
  • Follows HTTP/1.1 standards where the Host header should match the target server

Fixes: #9

Remove the Host header from forwarded requests so that aiohttp
automatically sets the correct Host header based on the target URL.

Previously, when corsproxy was used behind a reverse proxy (like Traefik),
it would forward the client's Host header (e.g., proxy.example.com) to
the target server. Many target servers using virtual host configurations
would respond with 404 errors because they didn't recognize the proxy's
hostname.

Now, by filtering out the Host header before forwarding, aiohttp sets
the correct Host header based on the target URL (e.g.,
www.researchcatalogue.net), ensuring the target server receives the
expected hostname.

This change maintains backward compatibility while fixing the issue
for users behind reverse proxies without requiring manual Host header
configuration in the reverse proxy.

Fixes #9

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 2, 2026 23:13
@bulletmark bulletmark merged commit 1401122 into master Jun 2, 2026
1 check passed

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adjusts request header forwarding in corsproxy so that when deployed behind a reverse proxy, the inbound Host header is not forwarded to the target server—allowing the HTTP client to set Host based on the target URL and avoiding vhost-based 404s.

Changes:

  • Filters out the Host header (case-insensitively) from forwarded request headers in get().
  • Adds inline comments explaining why Host should not be forwarded in this setup.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread corsproxy
# Create mutable copy of headers and remove Host header so aiohttp
# sets it correctly based on the target URL instead of forwarding
# the client's Host header
hdr = {k: v for k, v in request.headers.items() if k.lower() != 'host'}
@bulletmark bulletmark deleted the bulletmark/fix-host-header-forwarding branch June 3, 2026 22:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

corsproxy requires headers "Host" set to target server?

2 participants