#20303 closed Bug (duplicate)
HTTP_X_FORWARDED_HOST can be multi-valued with USE_X_FORWARDED_HOST
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Uncategorized | Version: | 1.5 |
Severity: | Normal | Keywords: | allowed_hosts |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Hello! It turns out HTTP_X_FORWARDED_HOST can be multi-valued and separated with commas. This makes USE_X_FORWARDED_HOST + ALLOWED_HOSTS/get_host() unhappy, as it slurps the whole string into host.
The attached patch (and I'd appreciate any tips on how to do this as I don't really know how to submit patches) looks for a comma in HTTP_X_FORWARDED_HOST and pulls the first value into host.
Attachments (1)
Change History (3)
by , 12 years ago
Attachment: | request.diff added |
---|
comment:1 by , 12 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
This is effectively a duplicate of #11877, which was closed wontfix -- please see that ticket for details.
comment:2 by , 12 years ago
Thank you very much! The submitted middleware on the other ticket is very helpful, and I appreciate the insight into what goes into core Django!
Simple patch to request.py. Probably didn't build this properly