Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#20303 closed Bug (duplicate)

HTTP_X_FORWARDED_HOST can be multi-valued with USE_X_FORWARDED_HOST

Reported by: john_borwick@… Owned by: nobody
Component: Uncategorized Version: 1.5
Severity: Normal Keywords: allowed_hosts
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Hello! It turns out HTTP_X_FORWARDED_HOST can be multi-valued and separated with commas. This makes USE_X_FORWARDED_HOST + ALLOWED_HOSTS/get_host() unhappy, as it slurps the whole string into host.

The attached patch (and I'd appreciate any tips on how to do this as I don't really know how to submit patches) looks for a comma in HTTP_X_FORWARDED_HOST and pulls the first value into host.

Attachments (1)

request.diff (486 bytes ) - added by john_borwick@… 12 years ago.
Simple patch to request.py. Probably didn't build this properly

Download all attachments as: .zip

Change History (3)

by john_borwick@…, 12 years ago

Attachment: request.diff added

Simple patch to request.py. Probably didn't build this properly

comment:1 by Jacob, 12 years ago

Resolution: duplicate
Status: newclosed

This is effectively a duplicate of #11877, which was closed wontfix -- please see that ticket for details.

comment:2 by John Borwick <john_borwick@…>, 12 years ago

Thank you very much! The submitted middleware on the other ticket is very helpful, and I appreciate the insight into what goes into core Django!

Note: See TracTickets for help on using tickets.
Back to Top