On 10/20/06, Ian Bicking <[EMAIL PROTECTED]> wrote:
> Shannon -jj Behrens wrote:
> > Hi,
> >
> > I'm putting a Pylons application behind Apache by proxying it.  That
> > means that when I call paste.request.construct_url, it returns a URL
> > for localhost.  I think it's a useful and harmless feature to have
> > Paste automatically respect HTTP_X_FORWARDED_SERVER if present.  I did
> > this in Aquarium, and no user ever complained about it.  Rather, it's
> > nice to have the application "just work" even if it's behind a proxy.
> >
> > Ian, if you're interested, I'll submit a patch.
>
> Hmm... not sure.  I can't really see a security problem if a client
> submits a bad X-Forwarded-Server header.  OTOH, if PrefixMiddleware did
> this translation (HTTP_X_FORWARDED_SERVER -> HTTP_HOST) by default that
> would clean it up early.  I know I have lots of code that expects
> HTTP_HOST, and I'd rather normalize the environment than deal with the
> exceptions everywhere.

Hi Ian,

However you want to handle it is fine with me as long as it gets
handled.  In my experience, the only time I ever had to think about
this issue was when I generated URLs.  In Aquarium, once I fixed it in
the one place that generated absolute URLs, I never had to think of it
again.

Since Routes generates URLs without the host by default, I think as
long as construct_url handles this case and as long as the Routes
function that generates absolute URLs handles this case, it ought to
be completely handled.

Where would you like to go from here?

Thanks,
-jj

-- 
The one who gets the last laugh isn't the one who did the laughing,
but rather the one who did the writing.

_______________________________________________
Paste-users mailing list
[email protected]
http://webwareforpython.org/cgi-bin/mailman/listinfo/paste-users
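
The translation discussed above (HTTP_X_FORWARDED_SERVER -> HTTP_HOST, done once in middleware so URL generation only reads HTTP_HOST), as an added example that is not part of this thread and is not Paste's or PrefixMiddleware's code. The class, `build_url`, `demo` and the trusted-proxy list are hypothetical; the header is honoured only when the request arrives from the proxy's own address and the value looks like a host name.

```python
import re

# Assumption: the only peer allowed to set X-Forwarded-Server is the local Apache proxy.
TRUSTED_PROXIES = frozenset({"127.0.0.1", "::1"})
# Conservative host[:port] syntax; rejects spaces, slashes, commas and CR/LF.
_HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,253}[A-Za-z0-9])?(:[0-9]{1,5})?")


class ForwardedServerMiddleware:
    """Hypothetical WSGI middleware: HTTP_X_FORWARDED_SERVER -> HTTP_HOST."""

    def __init__(self, app, trusted_proxies=TRUSTED_PROXIES):
        self.app = app
        self.trusted = frozenset(trusted_proxies)

    def __call__(self, environ, start_response):
        # Always drop the header so downstream code only ever reads HTTP_HOST.
        forwarded = environ.pop("HTTP_X_FORWARDED_SERVER", None)
        if (forwarded
                and environ.get("REMOTE_ADDR") in self.trusted
                and _HOST_RE.fullmatch(forwarded)):
            environ["HTTP_HOST"] = forwarded
        return self.app(environ, start_response)


def build_url(environ):
    """Rebuild scheme://host/path from the environ (simplified PEP 3333 recipe)."""
    host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
    return "%s://%s%s%s" % (environ.get("wsgi.url_scheme", "http"), host,
                            environ.get("SCRIPT_NAME", ""),
                            environ.get("PATH_INFO", ""))


def demo(remote_addr, forwarded):
    """Send one constructed request through the middleware; return the URL the app builds."""
    seen = []

    def app(environ, start_response):
        seen.append(build_url(environ))
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b""]

    # Constructed sample environ: the backend listens on localhost:5000.
    environ = {"REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http",
               "HTTP_HOST": "localhost:5000", "SERVER_NAME": "localhost",
               "SCRIPT_NAME": "", "PATH_INFO": "/app/list"}
    if forwarded is not None:
        environ["HTTP_X_FORWARDED_SERVER"] = forwarded
    ForwardedServerMiddleware(app)(environ, lambda status, headers: None)
    return seen[0]
```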
