From 04ca11e62e67df3c6833d46bca75fc09eb78b7d2 Mon Sep 17 00:00:00 2001
From: kermieisinthehouse <kermie@isinthe.house>
Date: Sat, 9 Oct 2021 23:54:15 +0000
Subject: [PATCH] Fix setting config locking out proxy users (#1820)

---
 pkg/session/authentication.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/session/authentication.go b/pkg/session/authentication.go
index 90b2e54dd..7bdf0ea22 100644
--- a/pkg/session/authentication.go
+++ b/pkg/session/authentication.go
@@ -36,7 +36,7 @@ func CheckAllowPublicWithoutAuth(c *config.Instance, r *http.Request) error {
 			trustedProxies := c.GetTrustedProxies()
 			proxyChain := strings.Split(r.Header.Get("X-FORWARDED-FOR"), ", ")
 
-			if trustedProxies == nil {
+			if len(trustedProxies) == 0 {
 				// validate proxies against local network only
 				if !isLocalIP(requestIP) {
 					return ExternalAccessError(requestIP)
@@ -98,6 +98,9 @@ func isLocalIP(requestIP net.IP) bool {
 }
 
 func isIPTrustedProxy(ip net.IP, trustedProxies []string) bool {
+	if len(trustedProxies) == 0 {
+		return isLocalIP(ip)
+	}
 	for _, v := range trustedProxies {
 		if ip.Equal(net.ParseIP(v)) {
 			return true