Code

Ticket #6880: 6880.diff

File 6880.diff, 3.2 KB (added by aaugustin, 3 years ago)
Line 
1Index: docs/ref/request-response.txt
2===================================================================
3--- docs/ref/request-response.txt       (revision 15491)
4+++ docs/ref/request-response.txt       (working copy)
5@@ -191,37 +191,28 @@
6 
7 .. method:: HttpRequest.get_host()
8 
9-    Returns the originating host of the request using information from the
10-    ``HTTP_X_FORWARDED_HOST`` and ``HTTP_HOST`` headers (in that order). If
11-    they don't provide a value, the method uses a combination of
12+    Returns the host of the request using information from the ``HTTP_HOST``
13+    header. If it does not provide a value, the method uses a combination of
14     ``SERVER_NAME`` and ``SERVER_PORT`` as detailed in `PEP 333`_.
15 
16     .. _PEP 333: http://www.python.org/dev/peps/pep-0333/
17 
18     Example: ``"127.0.0.1:8000"``
19 
20-    .. note:: The :meth:`~HttpRequest.get_host()` method fails when the host is
21-        behind multiple proxies. One solution is to use middleware to rewrite
22-        the proxy headers, as in the following example::
23+    .. note:: :meth:`~HttpRequest.get_host()` returns the address of the
24+        closest proxy when the host is behind one or several proxies.
25+        This is transparent with reverse-proxies that rewrite both the
26+        ``Host`` header in requests and the ``Location``, ``Content-Location``
27+        and ``URI`` headers in responses, including Apache's ``mod_proxy`` and
28+        Squid.
29 
30-            class MultipleProxyMiddleware(object):
31-                FORWARDED_FOR_FIELDS = [
32-                    'HTTP_X_FORWARDED_FOR',
33-                    'HTTP_X_FORWARDED_HOST',
34-                    'HTTP_X_FORWARDED_SERVER',
35-                ]
36+    .. versionchanged:: 1.3
37 
38-                def process_request(self, request):
39-                    """
40-                    Rewrites the proxy headers so that only the most
41-                    recent proxy is used.
42-                    """
43-                    for field in self.FORWARDED_FOR_FIELDS:
44-                        if field in request.META:
45-                            if ',' in request.META[field]:
46-                                parts = request.META[field].split(',')
47-                                request.META[field] = parts[-1].strip()
48 
49+    :meth:`~HttpRequest.get_host()` used to interpret the non-standard
50+    ``HTTP_X_FORWARDED_HOST`` header to determine the originating host.
51+    This failed when the host was behind multiple proxies or when a proxy
52+    switched between HTTP and HTTPS and was removed.
53 
54 .. method:: HttpRequest.get_full_path()
55 
56Index: django/http/__init__.py
57===================================================================
58--- django/http/__init__.py     (revision 15491)
59+++ django/http/__init__.py     (working copy)
60@@ -128,9 +128,7 @@
61     def get_host(self):
62         """Returns the HTTP host using the environment or request headers."""
63         # We try three options, in order of decreasing preference.
64-        if 'HTTP_X_FORWARDED_HOST' in self.META:
65-            host = self.META['HTTP_X_FORWARDED_HOST']
66-        elif 'HTTP_HOST' in self.META:
67+        if 'HTTP_HOST' in self.META:
68             host = self.META['HTTP_HOST']
69         else:
70             # Reconstruct the host using the algorithm from PEP 333.