#30017: Django should assume port 443 for https in
django.utils.http.is_same_domain()
-----------------------------------+--------------------------------------
Reporter: Ruslan Dautkhanov | Owner: (none)
Type: Bug | Status: closed
Component: HTTP handling | Version: 2.1
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------------+--------------------------------------
Changes (by Carlton Gibson):
* status: new => closed
* resolution: => wontfix
Comment:
Neither the `Host` nor the `X-Forwarded-Host` include the scheme right? As
such it's just not right to say that `web.site.com` and `web.site.com:443`
are the same. The latter includes more information. (Yes, if we also
lookup the scheme we **might** infer the `443` but we're making
assumptions in doing so.)
The suggested fix on Stack Overflow seems right to me. (If you must send
the port, beyond correcting the Nginx config, you can already adjust
`ALLOWED_HOSTS` and/or `CSRF_TRUSTED_ORIGINS` here.)
--
Ticket URL: <https://code.djangoproject.com/ticket/30017#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/063.d2502437644081c75df986625f31d018%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
