Restrict x-umami-client-* headers to cloud mode only.

src/lib/detect.ts

@@ -10,6 +10,16 @@ import { safeDecodeURIComponent } from '@/lib/url';
 const MAXMIND = 'maxmind';
 
 const PROVIDER_HEADERS = [
+  // Umami custom headers (cloud mode only)
+  ...(process.env.CLOUD_MODE
+    ? [
+        {
+          countryHeader: 'x-umami-client-country',
+          regionHeader: 'x-umami-client-region',
+          cityHeader: 'x-umami-client-city',
+        },
+      ]
+    : []),
   // Cloudflare headers
   {
     countryHeader: 'cf-ipcountry',
@@ -60,13 +70,13 @@ function decodeHeader(s: string | undefined | null): string | undefined | null {
   return Buffer.from(s, 'latin1').toString('utf-8');
 }
 
-export async function getLocation(ip: string = '', headers: Headers, hasPayloadIP: boolean) {
+export async function getLocation(ip: string = '', headers: Headers, skipHeaders: boolean) {
   // Ignore local ips
   if (!ip || (await isLocalhost(ip))) {
     return null;
   }
 
-  if (!hasPayloadIP && !process.env.SKIP_LOCATION_HEADERS) {
+  if (!skipHeaders && !process.env.SKIP_LOCATION_HEADERS) {
     for (const provider of PROVIDER_HEADERS) {
       const countryHeader = headers.get(provider.countryHeader);
       if (countryHeader) {

src/lib/ip.ts

@@ -1,4 +1,5 @@
 export const IP_ADDRESS_HEADERS = [
+  ...(process.env.CLOUD_MODE ? ['x-umami-client-ip'] : []), // Umami custom header (cloud mode only)
   'true-client-ip', // CDN
   'cf-connecting-ip', // Cloudflare
   'fastly-client-ip', // Fastly
@@ -31,7 +32,7 @@ export function getIpAddress(headers: Headers) {
   }
 
   if (header === 'forwarded') {
-    const match = ip.match(/for=(\[?[0-9a-fA-F:.]+\]?)/);
+    const match = ip.match(/for=(\[?[0-9a-fA-F:.]+]?)/);
 
     if (match) {
       return match[1];