#30729: Add support for the RFC 7239 Forwarded header
-------------------------------+-----------------------------------------
     Reporter:  Ben Stähli     |                    Owner:  nobody
         Type:  New feature    |                   Status:  new
    Component:  HTTP handling  |                  Version:  2.2
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Someday/Maybe
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+-----------------------------------------

Comment (by Ben Stähli):

 "Add support" means all aspects of the new header need to be covered. As far
 as I can see, this touches at least these settings:

 - SECURE_PROXY_SSL_HEADER
 https://docs.djangoproject.com/en/3.0/ref/settings/#secure-proxy-ssl-header
 - USE_X_FORWARDED_HOST
 https://docs.djangoproject.com/en/3.0/ref/settings/#use-x-forwarded-host
 - USE_X_FORWARDED_PORT
 https://docs.djangoproject.com/en/3.0/ref/settings/#use-x-forwarded-port

 And the parsing and security part is not to be underestimated, as it's only
 one header that must be parsed.

 Replying to [comment:5 Santiago Basulto]:
 > I'd be tempted to take over this. I'd like to know what "add support"
 > would involve. Is it just trusting hosts based on X-Forwarded as we do
 > with [https://docs.djangoproject.com/en/3.0/ref/settings/#use-x-forwarded-host x-forwarded-host]?

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30729#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
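
Added example, not part of the ticket and not Django code: a sketch of the parsing the comment refers to, where one RFC 7239 Forwarded value has to yield the proto, host and client data that the three settings above take from separate X-Forwarded-* headers. The names parse_forwarded, trusted_element and trusted_proxies are hypothetical, and the number of trusted proxies is an assumption about the deployment.

```python
import re

_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"  # RFC 7230 token
_QUOTED = r'"(?:[^"\\]|\\.)*"'  # RFC 7230 quoted-string
_PAIR = re.compile(rf"[ \t]*({_TOKEN})=({_TOKEN}|{_QUOTED})[ \t]*")


def _split(value, sep):
    """Split on sep, but never inside a quoted-string."""
    parts, in_quotes, escaped = [""], False, False
    for ch in value:
        if ch == sep and not in_quotes:
            parts.append("")
            continue
        if escaped:
            escaped = False
        elif in_quotes and ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        parts[-1] += ch
    if in_quotes:
        raise ValueError("unterminated quoted-string")
    return parts


def parse_forwarded(header):
    """Return one dict per forwarded-element, in header order."""
    elements = []
    for raw in filter(str.strip, _split(header, ",")):
        element = {}
        for pair in filter(str.strip, _split(raw, ";")):
            if not (m := _PAIR.fullmatch(pair)):
                raise ValueError(f"malformed forwarded-pair: {pair!r}")
            name, val = m.group(1).lower(), m.group(2)
            if val.startswith('"'):
                val = re.sub(r"\\(.)", r"\1", val[1:-1])  # undo quoted-pair escapes
            if name in element:
                raise ValueError(f"duplicate parameter: {name}")
            element[name] = val
        elements.append(element)
    return elements


def trusted_element(header, trusted_proxies=1):
    """Element appended by the outermost trusted proxy (count is a deployment assumption)."""
    elements = parse_forwarded(header)
    if not 1 <= trusted_proxies <= len(elements):
        raise ValueError("fewer elements than trusted proxies")
    return elements[-trusted_proxies]
```

For the constructed value `for=203.0.113.7;proto=http;host=evil.example, for="[2001:db8::17]:4711";proto=https;host="shop.example:443"`, trusted_element() with one trusted proxy returns only the second element. Everything to the left of the chosen element arrived from the client side and must not feed scheme, host or port decisions.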
