From f791515546298883d1ddbf08b22532bbb97d0723 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire <ysainthilaire@hotmail.com>
Date: Wed, 16 Feb 2022 13:00:36 -0800
Subject: [PATCH] Fixed x-forwarded-host where multiple hosts are specified.

---
 meshcentral.js | 3 +--
 webserver.js   | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/meshcentral.js b/meshcentral.js
index 7e5e5766..271b114c 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -1623,8 +1623,7 @@ function CreateMeshCentralServer(config, args) {
                 }
 
                 // Setup and start the legacy swarm server
-                if ((obj.certificates.swarmserver != null) && (obj.args.swarmport !== 0)) {
-                    if (obj.args.swarmport == null) { obj.args.swarmport = 8080; }
+                if ((obj.certificates.swarmserver != null) && (obj.args.swarmport != null) && (obj.args.swarmport !== 0)) {
                     obj.swarmserver = require('./swarmserver.js').CreateSwarmServer(obj, obj.db, obj.args, obj.certificates);
                 }
 
diff --git a/webserver.js b/webserver.js
index fec5da0a..190380a3 100644
--- a/webserver.js
+++ b/webserver.js
@@ -5716,7 +5716,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                 if (clientIpSplit.length == 2) { req.clientIp = clientIpSplit[0]; }
 
                 // Get server host
-                if (req.headers['x-forwarded-host']) { xforwardedhost = req.headers['x-forwarded-host']; }
+                if (req.headers['x-forwarded-host']) { xforwardedhost = req.headers['x-forwarded-host'].split(',')[0]; } // If multiple hosts are specified with a comma, take the first one.
             } else {
                 req.clientIp = ipex;
             }