Shannon -jj Behrens wrote:
> On 10/20/06, Ian Bicking <[EMAIL PROTECTED]> wrote:
>> Shannon -jj Behrens wrote:
>> > Hi,
>> >
>> > I'm putting a Pylons application behind Apache by proxying it. That
>> > means that when I call paste.request.construct_url, it returns a URL
>> > for localhost. I think it's a useful and harmless feature to have
>> > Paste automatically respect HTTP_X_FORWARDED_SERVER if present. I did
>> > this in Aquarium, and no user ever complained about it. Rather, it's
>> > nice to have the application "just work" even if it's behind a proxy.
>> >
>> > Ian, if you're interested, I'll submit a patch.
>>
>> Hmm... not sure. I can't really see a security problem if a client
>> submits a bad X-Forwarded-Server header. OTOH, if PrefixMiddleware did
>> this translation (HTTP_X_FORWARDED_SERVER -> HTTP_HOST) by default that
>> would clean it up early. I know I have lots of code that expects
>> HTTP_HOST, and I'd rather normalize the environment than deal with the
>> exceptions everywhere.

I added this to paste.deploy.config.PrefixMiddleware (I'm not sure why
that middleware is in that module...). Anyway, by default that
middleware will now translate the X-Forwarded-Server header to Host.

-- 
Ian Bicking | [EMAIL PROTECTED] | http://blog.ianbicking.org
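
The header translation discussed in this thread, as an added example that is not Paste's PrefixMiddleware code: a hypothetical WSGI middleware that copies X-Forwarded-Server into HTTP_HOST only when the request arrives from a listed proxy address and the value looks like a host name. The class name, the `trusted_proxies` parameter, the host pattern and the sample environ are assumptions made for illustration.

```python
import re

# Conservative host[:port] pattern: no spaces, slashes, commas, '@' or CR/LF.
_HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}(:[0-9]{1,5})?")


class ForwardedServerMiddleware:
    """Hypothetical: X-Forwarded-Server -> Host, for trusted peers only."""

    def __init__(self, app, trusted_proxies=("127.0.0.1", "::1")):
        self.app = app
        self.trusted_proxies = frozenset(trusted_proxies)

    def __call__(self, environ, start_response):
        # Always remove the header so code further down never reads a raw copy.
        forwarded = (environ.pop("HTTP_X_FORWARDED_SERVER", None) or "").strip()
        from_proxy = environ.get("REMOTE_ADDR") in self.trusted_proxies
        if from_proxy and _HOST_RE.fullmatch(forwarded):
            environ["HTTP_HOST"] = forwarded
        return self.app(environ, start_response)


def url_app(environ, start_response):
    """Stand-in for an application that builds absolute URLs from HTTP_HOST."""
    url = "%s://%s%s" % (environ["wsgi.url_scheme"], environ["HTTP_HOST"],
                         environ.get("PATH_INFO", ""))
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [url.encode("ascii")]


def url_seen_by_app(remote_addr, forwarded_server):
    """Run one constructed request through the middleware; return the URL."""
    environ = {  # constructed sample environ, as the backend would see it
        "REQUEST_METHOD": "GET", "wsgi.url_scheme": "http",
        "HTTP_HOST": "localhost:5000", "PATH_INFO": "/login",
        "REMOTE_ADDR": remote_addr,
    }
    if forwarded_server is not None:
        environ["HTTP_X_FORWARDED_SERVER"] = forwarded_server
    app = ForwardedServerMiddleware(url_app)
    return b"".join(app(environ, lambda status, headers: None)).decode("ascii")


if __name__ == "__main__":
    print(url_seen_by_app("127.0.0.1", "www.example.com"))    # through the proxy
    print(url_seen_by_app("203.0.113.9", "other.example"))    # direct connection
```
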
