Opened 12 months ago

Closed 12 months ago

Last modified 12 months ago

#20303 closed Bug (duplicate)

HTTP_X_FORWARDED_HOST can be multi-valued with USE_X_FORWARDED_HOST

Reported by: john_borwick@…
Owned by: nobody
Component: Uncategorized
Version: 1.5
Severity: Normal
Keywords: allowed_hosts
Cc:
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

Hello! It turns out HTTP_X_FORWARDED_HOST can be multi-valued and separated with commas. This makes USE_X_FORWARDED_HOST + ALLOWED_HOSTS/get_host() unhappy, as it slurps the whole string into host.

The attached patch (and I'd appreciate any tips on how to do this as I don't really know how to submit patches) looks for a comma in HTTP_X_FORWARDED_HOST and pulls the first value into host.

Attachments (1)

request.diff (486 bytes) - added by john_borwick@… 12 months ago.
Simple patch to request.py. Probably didn't build this properly

Change History (3)

Changed 12 months ago by john_borwick@…

Simple patch to request.py. Probably didn't build this properly

comment:1 Changed 12 months ago by jacob

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to duplicate
  • Status changed from new to closed

This is effectively a duplicate of #11877, which was closed wontfix -- please see that ticket for details.

comment:2 Changed 12 months ago by John Borwick <john_borwick@…>

Thank you very much! The submitted middleware on the other ticket is very helpful, and I appreciate the insight into what goes into core Django!
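
The failure mode this ticket describes, as an added example that is not part of the ticket, its attached patch, or Django's code: a comma-joined X-Forwarded-Host value fails an allow-list check as a whole string, while one selected entry can be validated on its own. The function names, the simplified allow-list matching, and the sample header are assumptions made for illustration.

```python
# Added illustration; the allow-list matching is a simplified model of ALLOWED_HOSTS.


class DisallowedHost(ValueError):
    """Raised when the selected host is missing or not on the allow-list."""


def split_forwarded_host(value):
    """Split a comma-separated X-Forwarded-Host value into clean entries."""
    return [part.strip() for part in value.split(",") if part.strip()]


def strip_port(host):
    """Drop a trailing :port, leaving bracketed IPv6 literals intact."""
    if host.endswith("]"):
        return host
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host


def host_allowed(host, allowed_hosts):
    """Exact match, or '.example.com' matching the domain and its subdomains."""
    host = strip_port(host).lower()
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == host:
            return True
        if pattern.startswith(".") and (host == pattern[1:] or host.endswith(pattern)):
            return True
    return False


def select_host(environ, allowed_hosts, index=0):
    """Pick one X-Forwarded-Host entry (first by default, as the ticket's
    patch does) and validate it; raise DisallowedHost otherwise."""
    entries = split_forwarded_host(environ.get("HTTP_X_FORWARDED_HOST", ""))
    if not entries or index >= len(entries):
        raise DisallowedHost("no X-Forwarded-Host entry at index %d" % index)
    host = entries[index]
    if not host_allowed(host, allowed_hosts):
        raise DisallowedHost(host)
    return host


# Constructed sample: the header as it might look after two proxies.
SAMPLE_ENVIRON = {"HTTP_X_FORWARDED_HOST": "www.example.com, internal-lb.example.net"}
ALLOWED = ["www.example.com"]
```

Which entry is trustworthy depends on the proxy chain in front of the application, so `index` should name a position written by a proxy you control.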
