[Bug]: OpenMetrics endpoint do not have to be a trusted_domain #58614
Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
Metrics Endpoint should not be evaluted to be in trusted_domains (metrics are scraped internal and the nextcloud could have changing ip address -> changing trusted_domains).
Steps to reproduce
- setup nextcloud (behind-nginx)
- setup
openmetrics_allowed_clients - query
/metrics
respone: HTTP/1.1 400 Bad Request
Expected behavior
response metrics
Nextcloud Server version
33
Operating system
None
PHP engine version
None
Web server
None
Database engine version
None
Is this bug present after an update or on a fresh install?
None
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
{"reqId":"ZZw8YpYRIhxl2Frsp2xR","level":1,"time":"2026-02-27T15:13:25+00:00","remoteAddr":"10.42.0.188","user":"--","app":"core","method":"GET","url":"/metrics","scriptName":"/index.php","message":"Trusted domain error. \"10.42.0.188\" tried to access using \"10.42.0.150\" as host.","userAgent":"Wget","version":"33.0.0.16","data":{"app":"core"}}Additional info
Config contains:
["openmetrics_allowed_clients"]=>
array(1) {
[0]=>
string(12) "10.42.0.0/15"
}
<?php
$CONFIG = array (
'allow_local_remote_servers' => true,
'trusted_proxies' => array(
0 => '127.0.0.1',
1 => '10.0.0.0/8',
),
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
);