Shannon -jj Behrens wrote: > Hi, > > I'm putting a Pylons application behind Apache by proxying it. That > means that when I call paste.request.construct_url, it returns a URL > for localhost. I think it's a useful and harmless feature to have > Paste automatically respect HTTP_X_FORWARDED_SERVER if present. I did > this in Aquarium, and no user ever complained about it. Rather, it's > nice to have the application "just work" even if it's behind a proxy. > > Ian, if you're interested, I'll submit a patch.
Hmm... not sure. I can't really see a security problem if a client submits a bad X-Forwarded-Server header. OTOH, if PrefixMiddleware did this translation (HTTP_X_FORWARDED_SERVER -> HTTP_HOST) by default that would clean it up early. I know I have lots of code that expects HTTP_HOST, and I'd rather normalize the environment than deal with the exceptions everywhere. -- Ian Bicking | [EMAIL PROTECTED] | http://blog.ianbicking.org _______________________________________________ Paste-users mailing list [email protected] http://webwareforpython.org/cgi-bin/mailman/listinfo/paste-users
