[Personalization] UserHostAddress should be populated from X-Forwarded-For header if available

Fixed in

EPiServer.Commerce 13.25.0

Created

Sep 14, 2020

Updated

Oct 21, 2020

State

Closed, Fixed and tested


Description

The default behavior when tracking is to use Request.UserHostAddress inside the tracking data. This value does not correctly identify the client's IP address if the traffic between client and server passes thru any proxies.

We should prefer to pick the client's IP from the X-Forwarded-For request header, if available. The SkipUserHostTracking config setting should still be respected.