* Use the RealIP middleware only behind a reverse proxy
* Fix proxy ip source in tests
* Fix test for PR#2087
The PR did not update the test after changing the behavior, but the test still
passed because another condition was preventing the user from being created in
the test.
* Use RealIP even without a trusted reverse proxy
* Use own type for context key
* Fix casing to follow go's conventions
* Do not apply RealIP middleware twice
* Fix IP source in logs
The most interesting data point in the log message is the proxy's IP, but
having the client IP too can help identify integration issues.
* None is deprecated and will fallback to Lax in the future.
* Using Strict is future proof and provides additional CSR protection
Signed-off-by: Manuel Kroeber <manuel.kroeber@gmail.com>
Signed-off-by: Manuel Kroeber <manuel.kroeber@gmail.com>
* Adding 'x-content-duratin' and 'x-total-count' to CORS exposed headers
* Moving cors setup to middlewares.go
* adding x-nd-authorization to exposed headers
* Use new embed functionality for serving UI assets
* Use new embed functionality for serving resources. Remove dependency on go-bindata
* Remove Go 1.15
