Merge aaa10ab0323845d8989435b6e7d511692585a643 into 915e4c90d28ec4cffc6eb146e208ab5a65eac772

2026-01-11 17:17:04 +08:00 · 2025-12-27 21:13:27 +08:00 · 2025-12-27 21:13:27 +08:00 · bcbb36ef9f
commit bcbb36ef9f
parent 915e4c90d2 aaa10ab032
2 changed files with 58 additions and 1 deletions
--- a/context.go
+++ b/context.go
@ -989,7 +989,8 @@ func (c *Context) ClientIP() string {

 	if trusted && c.engine.ForwardedByClientIP && c.engine.RemoteIPHeaders != nil {
 		for _, headerName := range c.engine.RemoteIPHeaders {
-			ip, valid := c.engine.validateHeader(c.requestHeader(headerName))
+			headerValue := strings.Join(c.Request.Header.Values(headerName), ",")
+			ip, valid := c.engine.validateHeader(headerValue)
 			if valid {
 				return ip
 			}
--- a/context_test.go
+++ b/context_test.go
@ -1143,6 +1143,62 @@ func TestContextRenderNoContentIndentedJSON(t *testing.T) {
 	assert.Equal(t, "application/json; charset=utf-8", w.Header().Get("Content-Type"))
 }

+func TestContextClientIPWithMultipleHeaders(t *testing.T) {
+	// Create a new Gin engine
+	engine := New()
+
+	// Set trusted proxies
+	engine.SetTrustedProxies([]string{"127.0.0.1"})
+	engine.ForwardedByClientIP = true
+	engine.RemoteIPHeaders = []string{"X-Forwarded-For"}
+
+	// Create a test request with multiple X-Forwarded-For headers
+	req := httptest.NewRequest("GET", "/test", nil)
+	req.Header.Add("X-Forwarded-For", "1.2.3.4, 127.0.0.1")
+	req.Header.Add("X-Forwarded-For", "5.6.7.8")
+	req.RemoteAddr = "127.0.0.1:1234"
+
+	// Create response recorder
+	w := httptest.NewRecorder()
+
+	// Create context
+	c, _ := CreateTestContext(w)
+	c.Request = req
+	c.engine = engine
+
+	// Test ClientIP
+	clientIP := c.ClientIP()
+
+	// Should return 5.6.7.8 (the last non-trusted IP)
+	expected := "5.6.7.8"
+	if clientIP != expected {
+		t.Errorf("Expected ClientIP to be %s, got %s", expected, clientIP)
+	}
+}
+
+func TestContextClientIPWithSingleHeader(t *testing.T) {
+	engine := New()
+	engine.SetTrustedProxies([]string{"127.0.0.1"})
+	engine.ForwardedByClientIP = true
+	engine.RemoteIPHeaders = []string{"X-Forwarded-For"}
+
+	req := httptest.NewRequest("GET", "/test", nil)
+	req.Header.Set("X-Forwarded-For", "1.2.3.4, 127.0.0.1")
+	req.RemoteAddr = "127.0.0.1:1234"
+
+	w := httptest.NewRecorder()
+	c, _ := CreateTestContext(w)
+	c.Request = req
+	c.engine = engine
+
+	clientIP := c.ClientIP()
+
+	// Should return 1.2.3.4
+	expected := "1.2.3.4"
+	if clientIP != expected {
+		t.Errorf("Expected ClientIP to be %s, got %s", expected, clientIP)
+	}
+}
 // Tests that the response is serialized as Secure JSON
 // and Content-Type is set to application/json
 func TestContextRenderSecureJSON(t *testing.T) {