Support X-Forwarded-* and Forwarded implicitly, deprecate secure_proxy_ssl_header. #1134
Comments
asvetlov
changed the title
X-Forwarded-* and implicitly X-Forwarded-* and Forwarded implicitly, deprecate secure_proxy_ssl_header.
asvetlov
changed the title
X-Forwarded-* and Forwarded implicitly, deprecate secure_proxy_ssl_header.
|
What's the status on this? I'm going to use: ... to try to determine how & where my service can be reached during runtime. I can do this in my own code but I can also shoot in a PR. How about this approach:
Would that be useful enough to be included? |
|
@evertlammerts PR would be very good! |
|
How about something like this? There are no tests in there yet and I'm not sure how deprecation works in aiohttp. Any pointers? I'll revisit soon, just about to leave on a trip. |
|
we use deprecation warning. but what do you want to deprecate? |
|
Title says "deprecate secure_proxy_ssl_header" |
|
@samuelcolvin could you check? I think you last one who modified "secure_proxy_ssl_header" |
|
Personally I think making a best effort to determine scheme, host and port using standard and defacto standard headers is enough. People can always check for less common headers manually. In any case, maybe deprecation of secure_proxy_ssl_header could be a different PR? I'm not completely sure about the most common semantics of X-Forwarded-Host, and whether its value is mostly the same as what the Host header contains without a proxy; in particular, does it normally contain the port number if not 80/443? I'll research next week. |
|
Any chance this can still make it into 2.1? |
|
sure |
…eme and host resolution (#1881) * #1134 Support X-Forwarded-* and Forwarded implicitly * #1134 tests * added myself to contributors * added line to changes.rst * Update CHANGES.rst * Update CHANGES.rst * deprecating secure_proxy_ssl_header * more extensive Forwarded parsing * flake * make isort with new parameters * Fix #1839: python 3.7 regression for regexp escaping (#1908) * Fix #1839: python 3.7 regression for regexp escaping * Fix import sort order * small changes * unpacking tuple implicit * #1134 Support X-Forwarded-* and Forwarded implicitly * #1134 tests * added myself to contributors * added line to changes.rst * deprecating secure_proxy_ssl_header * more extensive Forwarded parsing * flake * small changes * unpacking tuple implicit * handling multiple field-values, fixed quoted-pair bug (now using vchar instead of tchar), changed return type of forwarded
* #1134 Support X-Forwarded-* and Forwarded implicitly * #1134 tests * added myself to contributors * added line to changes.rst * Update CHANGES.rst * Update CHANGES.rst * deprecating secure_proxy_ssl_header * more extensive Forwarded parsing * flake * small changes * unpacking tuple implicit * #1134 Support X-Forwarded-* and Forwarded implicitly * #1134 tests * added myself to contributors * added line to changes.rst * deprecating secure_proxy_ssl_header * more extensive Forwarded parsing * flake * small changes * unpacking tuple implicit * handling multiple field-values, fixed quoted-pair bug (now using vchar instead of tchar), changed return type of forwarded * docs for forwarded * removed double entry from changes * Docs for forwarded * docs pass spellchecker
|
So, am I missing something or support for |
|
#1881, which was about better host and scheme resolution for |
|
@evertlammerts Thanks for answer. For me there is no problem since we already doing split by comma, as You proposed. I was just confused since this issue mentions such problem, but I found nothing about that in merge request. Anyway, good to know and thanks again. |
|
I don't think that forwarded-for is interesting to anybody. But please feel free to open a new PR if needed. |
|
Let's close the issue, it's completed from my perspective. |
Remove duplicate change entry for #1134 for 2.1.0 (2017-05-26)
|
For anyone else chasing their tail trying to figure out where this feature has gone, it has been removed and moved into middleware. See here: |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a [new issue] for related bugs. |
It's not obvious and the current doc is misleading: it proposes
secure_proxy_ssl_header='X-Forwarded-Proto'but should dosecure_proxy_ssl_header=('X-Forwarded-Proto', 'https').Looks like @popravich made a mistake on documenting it by d4954ef
X-Forwarded-For,X-Forwarded-By, andX-Forwarded-Protoshould be supported. See the spec at http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.htmlForwardedheader from RFC 7239 https://tools.ietf.org/html/rfc7239 should be supported as well.The issue doesn't require a single Pull Request, most likely it should be several PRs, each for other aspect for sake of easy reviewing etc.
Until we'll remove deprecated
secure_proxy_ssl_headersupport it should be processed first before all other rules.The text was updated successfully, but these errors were encountered: