From 0d52645902e040773c62da58192b33a9c8016af9 Mon Sep 17 00:00:00 2001
From: Pedro Crespo-Valero <32402063+pcrespov@users.noreply.github.com>
Date: Thu, 10 Oct 2024 19:06:46 +0200
Subject: [PATCH] checks XForeward-host

---
 .../products/_middlewares.py                       | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/services/web/server/src/simcore_service_webserver/products/_middlewares.py b/services/web/server/src/simcore_service_webserver/products/_middlewares.py
index 25beb7740340..5d30161b9b3a 100644
--- a/services/web/server/src/simcore_service_webserver/products/_middlewares.py
+++ b/services/web/server/src/simcore_service_webserver/products/_middlewares.py
@@ -15,10 +15,18 @@
 
 def _discover_product_by_hostname(request: web.Request) -> str | None:
     products: OrderedDict[str, Product] = request.app[APP_PRODUCTS_KEY]
+    #
+    # SEE https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
+    # SEE https://doc.traefik.io/traefik/getting-started/faq/#what-are-the-forwarded-headers-when-proxying-http-requests
+    originating_hosts = [
+        request.headers.get("X-Forwarded-Host"),
+        request.host,
+    ]
     for product in products.values():
-        if product.host_regex.search(request.host):
-            product_name: str = product.name
-            return product_name
+        for host in originating_hosts:
+            if host and product.host_regex.search(host):
+                product_name: str = product.name
+                return product_name
     return None