Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#20303 closed Bug (duplicate)


Reported by: john_borwick@… Owned by: nobody
Component: Uncategorized Version: 1.5
Severity: Normal Keywords: allowed_hosts
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Hello! It turns out HTTP_X_FORWARDED_HOST can be multi-valued and separated with commas. This makes USE_X_FORWARDED_HOST + ALLOWED_HOSTS/get_host() unhappy, as it slurps the whole string into host.

The attached patch (and I'd appreciate any tips on how to do this as I don't really know how to submit patches) looks for a comma in HTTP_X_FORWARDED_HOST and pulls the first value into host.

Attachments (1)

request.diff (486 bytes) - added by john_borwick@… 6 years ago.
Simple patch to Probably didn't build this properly

Download all attachments as: .zip

Change History (3)

Changed 6 years ago by john_borwick@…

Attachment: request.diff added

Simple patch to Probably didn't build this properly

comment:1 Changed 6 years ago by Jacob

Resolution: duplicate
Status: newclosed

This is effectively a duplicate of #11877, which was closed wontfix -- please see that ticket for details.

comment:2 Changed 6 years ago by John Borwick <john_borwick@…>

Thank you very much! The submitted middleware on the other ticket is very helpful, and I appreciate the insight into what goes into core Django!

Note: See TracTickets for help on using tickets.
Back to Top