#30729: Add support for the RFC 7239 Forwarded header
-------------------------------+-----------------------------------------
Reporter: Ben Stähli | Owner: nobody
Type: New feature | Status: new
Component: HTTP handling | Version: 2.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Someday/Maybe
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+-----------------------------------------
Comment (by Ben Stähli):
add support means all aspects of the new header need to be covered. as far
as I can see, this touches at least these settings:
- SECURE_PROXY_SSL_HEADER
https://docs.djangoproject.com/en/3.0/ref/settings/#secure-proxy-ssl-
header
- USE_X_FORWARDED_HOST
https://docs.djangoproject.com/en/3.0/ref/settings/#use-x-forwarded-host
- USE_X_FORWARDED_PORT
https://docs.djangoproject.com/en/3.0/ref/settings/#use-x-forwarded-port
and, the parsing and security part is not to underestimate, as it's only
one header, that must be parsed.
Replying to [comment:5 Santiago Basulto]:
> I'd be tempted to take over this. I'd like to know what would "add
support" involves. Is it just trusting hosts based on X-Forwarded as we do
with [https://docs.djangoproject.com/en/3.0/ref/settings/#use-x-forwarded-
host x-forwarded-host]?
--
Ticket URL: <https://code.djangoproject.com/ticket/30729#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.988f282b0f6ac591b0ecf617fd68f7df%40djangoproject.com.
