Javascript Snippet #04
Bookmarked!This challenge covers the review of a snippet of code written in JavaScript
In this Code Review Snippet challenge, you're presented with a piece of JavaScript code utilizing the Express framework. The primary focus is on identifying a security issue within the given code. Initially, you are encouraged to find the vulnerability without help. If you struggle, a detailed video explanation is available.
The provided code initializes an Express application and sets up a route named '/dangerous'. When accessed, the application logs the IP address of the requester using req.ip
. The video explains that the vulnerability lies in the fact that req.ip
only captures the IP address of the last client, which can be misleading if multiple proxies are involved. It suggests configuring Express to trust proxies and using req.ips
to get a more comprehensive list of IPs from the X-Forwarded-For header.