#20303 closed Bug (duplicate)
HTTP_X_FORWARDED_HOST can be multi-valued with USE_X_FORWARDED_HOST
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Uncategorized | Version: | 1.5 |
| Severity: | Normal | Keywords: | allowed_hosts |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Hello! It turns out HTTP_X_FORWARDED_HOST can be multi-valued and separated with commas. This makes USE_X_FORWARDED_HOST + ALLOWED_HOSTS/get_host() unhappy, as it slurps the whole string into host.
The attached patch (and I'd appreciate any tips on how to do this as I don't really know how to submit patches) looks for a comma in HTTP_X_FORWARDED_HOST and pulls the first value into host.
Attachments (1)
Change History (3)
by , 11 years ago
| Attachment: | request.diff added |
|---|
comment:1 by , 11 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
This is effectively a duplicate of #11877, which was closed wontfix -- please see that ticket for details.
comment:2 by , 11 years ago
Thank you very much! The submitted middleware on the other ticket is very helpful, and I appreciate the insight into what goes into core Django!
Note:
See TracTickets
for help on using tickets.
Simple patch to request.py. Probably didn't build this properly