[Django] #26037: HttpRequest._get_raw_host() uses either HTTP_X_FORWARDED_HOST or HTTP_X_FORWARDED_PORT => should use both

Tue, 05 Jan 2016 07:19:27 -0800 

#26037: HttpRequest._get_raw_host() uses either HTTP_X_FORWARDED_HOST or
HTTP_X_FORWARDED_PORT => should use both
-------------------------------+--------------------
     Reporter:  benoitbryon    |      Owner:  nobody
         Type:  Bug            |     Status:  new
    Component:  Uncategorized  |    Version:  1.9
     Severity:  Normal         |   Keywords:
 Triage Stage:  Unreviewed     |  Has patch:  0
Easy pickings:  0              |      UI/UX:  0
-------------------------------+--------------------
 Situation is Django running behind a reverse proxy such as:

 * Django settings declare `USE_X_FORWARDED_HOST = True` and
 `USE_X_FORWARDED_PORT = True`
 * reverse proxy passes headers `X-Forwarded-Host` and `X-Forwarded-Port`.
 Say host "example.com" and port "8080" for example.

 I was expecting `request.get_absolute_uri()` to use both forwarded host
 and port.
 Or more precisely, I was expecting `request.get_host()` to return
 "example.com:8080" with the example above.

 But I get "example.com" only, without mention of the forwarded port.

 As of Django version 1.9, it seems that, given
 `settings.USE_X_FORWARDED_HOST` is True, then `request.get_host()` takes
 only `X-Forwarded-Host` into account and ignores `X-Forwarded-Port`.
 I guess issue comes from `HttpRequest._raw_host()` which doesn't use
 `HttpRequest.get_port()` in the case `settings.USE_X_FORWARDED_HOST` is
 True.

 References:

 * `HttpRequest.get_host()`:
 
https://github.com/django/django/blob/b0c56b895fd2694d7f5d4595bdbbc41916607f45/django/http/request.py#L72-L89
 * `HttpRequest.get_port()`:
 
https://github.com/django/django/blob/b0c56b895fd2694d7f5d4595bdbbc41916607f45/django/http/request.py#L110-L116
 * `settings.USE_X_FORWARDED_PORT` was introduced by
 https://code.djangoproject.com/ticket/25211

--
Ticket URL: <https://code.djangoproject.com/ticket/26037>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/054.051b022d7d0fb2cc95af0d718202e108%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to