Vulnerability in EPiServer.Forms
We want to gend user current user location details like country and region based on IP, by using Cloudflare. And for that we have added below keys in our solution as below:
<add key="episerver:ClientIPAddressHeader" value="True-Client-IP" />
<add key="episerver:ClientLocationHeader" value="CF-IPCountry" />
But, still are not getting any key in header as “CF-IPCountry” in browser website. Please help on this
Do you have a geolocation provider configured?
Header-based geolocation is only used when no geolocation provider has been configured and that it is limited to Country and Continent locations.
I think there is a bit misunderstanding. how do you retrieve the CF-IPCountry? In you controller, do you get any value from this code Request.Headers["CF-IPCountry"]?
The configuration entries you mention are only used for location-based Visitor Groups. If you need the country code in custom code, you can use the same implementation as Visitor Groups, by calling:
An alternative would be:
Be aware that Cloudflare will only detect the country, not continent, region or city. However, the first method will also give you continent (by internal mapping). Detection needs to be enabled in Cloudflare, so check with Episerver Support whether it is enabled by default.