If enabled, only take the first comma separated ip (#892)

* If enabled, only take the first comma separated ip

* Undo changes in getServerPort

Author: tomas-sexenian

java/src/main/java/com/genexus/webpanels/HttpContextWeb.java

@@ -79,6 +79,7 @@ public class HttpContextWeb extends HttpContext {
 	private static final String SAME_SITE_LAX = "Lax";
 	private static final String SAME_SITE_STRICT = "Strict";
 	private static final String SET_COOKIE = "Set-Cookie";
+	private static String httpForwardedHeadersEnabled = System.getenv("HTTP_FORWARDEDHEADERS_ENABLED");
 
 	public static final int BROWSER_OTHER		= 0;
 	public static final int BROWSER_IE 		= 1;
@@ -630,8 +631,10 @@ public String getUserId(String key, ModelContext context, int handle, com.genexu
 	}
 
 	public String getRemoteAddr() {
+		boolean isEnabled = "true".equalsIgnoreCase(httpForwardedHeadersEnabled);
 		String address = getHeader("X-Forwarded-For");
-		if (address.length() > 0){
+		if (isEnabled && address != null && address.length() > 0) {
+			address = address.split(",")[0].trim();
 			return address;
 		}
 		address = request.getRemoteAddr();
@@ -948,18 +951,16 @@ public byte setCookie(String name, String value, String path, java.util.Date exp
 	}
 
 	public String getServerName() {
+		boolean isEnabled = "true".equalsIgnoreCase(httpForwardedHeadersEnabled);
 		String host = getHeader("X-Forwarded-Host");
-		if (host.length() > 0){
-			return host;
+		if (isEnabled && host != null && host.length() > 0) {
+			return host.split(",")[0].trim();
 		}
 		String serverNameProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_NAME", "");
 		if (!StringUtils.isBlank(serverNameProperty)) {
 			return serverNameProperty;
 		}
-		if (request != null)
-			return request.getServerName();
-
-		return "";
+		return request != null ? request.getServerName() : "";
 	}
 
 	public int getServerPort() {