x-forwarded-for doesn't work

[clhedrick]

My logs show either the forwarder or 127.0.0.1.

This is version 6.5.2, with jupyterhub.

I put debug statements in _apply_xheaders

1. trusted_downstream isn't being passed through to that point. i.e. it's empty or undefined.
2. netutil.is_valid_ip rejects [2620:0:d60:ac1a::10]

There's always ambiguity in the specs whether IP addresses should have [] around them. Fortigate uses it: AWs documtation says they do https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html. Wikipedia says some implementations use [] and some don't: https://en.wikipedia.org/wiki/X-Forwarded-For

Here's what I got from a Fortigate acting as a load balancer:

X-Forwarded-For: [2620:0:d60:ac1a::10]