I'm encountering an issue with my setup where the actual client's IP address is not being forwarded correctly during the initial Server-Side Rendering (SSR) load of a page.
Backend: Running Laravel on a VPS Frontend: Utilizing Nuxt 3 deployed on Vercel Issue: When a page is first loaded using SSR, Vercel mistakenly sends its own IP address instead of the client's IP. This leads to complications with my Laravel API, such as:
Receiving 429 errors due to rate limiting based on Vercel's IP. Incorrect geolocation as I rely on the client's IP for location-based pricing and user experience. However, this problem only arises during the first SSR load. Subsequent actions like form requests send the correct client IP.
Steps Taken So Far: I have implemented the following plugin to initiate a request and load global values:
export default defineNuxtPlugin(async () => {
// Plugin code here
});
This IP issue occurs on any page making SSR calls, but solely during the first load.
I have tried enabling trustproxies in Laravel and setting it to *, but that did not resolve the issue. In Nuxt, I attempted forwarding the X-Forwarded-For header like this:
// Code snippet here
Yet, this action triggers Cloudflare's security measures, flagging the request as potentially harmful.
Inquiry: Is there a more effective approach to ensure the correct client IP is sent to the backend during the initial SSR load? Should I transmit the IP through a different header, or is there a Vercel configuration oversight causing the issue?
All suggestions are appreciated!