From 486454d2629c022636b668b301d94ed5e5f724b0 Mon Sep 17 00:00:00 2001
From: ArshVermaGit
Date: Mon, 1 Jun 2026 04:10:40 +0530
Subject: [PATCH] fix(security): resolve ip extraction bypass in rate limiter and type errors
---
 src/lib/contact-rate-limit.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/contact-rate-limit.ts b/src/lib/contact-rate-limit.ts
index a4c8aa74..1aa5ca68 100644
--- a/src/lib/contact-rate-limit.ts
+++ b/src/lib/contact-rate-limit.ts
@@ -44,7 +44,7 @@ export function checkContactRateLimit(ip: string): ContactRateLimitResult {
 export function getContactClientIp(req: NextRequest): string {
 return (
- (req.headers.get("x-forwarded-for") || req.headers.get("x-real-ip") || "127.0.0.1") ??
+ (req as any).ip ??
 req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ??
 req.headers.get("x-real-ip") ??
 "unknown"
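Review bot: The fallback on the line after the added `(req as any).ip ??` still takes the leftmost `x-forwarded-for` entry, which is whatever the client sent unless a trusted proxy overwrites the header, so whenever `ip` is undefined the rate-limit key remains caller-controlled. Whether `ip` is populated depends on the hosting platform and framework version (neither is visible here), so I would read the address only from the header the deployment's own proxy sets, or pick the entry at a configured trusted-hop offset from the right instead of `split(",")[0]`. The `as any` cast also hides a missing property from the compiler; `(req as NextRequest & { ip?: string }).ip` keeps the access typed. Separately, `"unknown"` puts every request without an address into one shared bucket, and an empty header yields `""` because `??` only catches null/undefined, so a comment stating which behaviour is intended (or a `|| "unknown"` on the trimmed value) would help. The function body closes outside the hunk.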