Zope 2

Trusted Proxies not available in WebOb

Bug #885016 reported by Matthew Wilkes on 2011-11-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Zope 2	Status tracked in 4.0
	4.0	Invalid	Undecided	Matthew Wilkes	Zope 2 4.0.x

Bug Description

WebOb will, by default, trust the first X-FORWARDED-FOR header, if set. This is a regression compared to Zope 2.x's Trusted Proxies.

We need a WSGI Middleware that implements the trusted support, so if a proxy is untrusted the REMOTE_ADDR needs to either be added to the start of the X-FORWARDED-FOR if not there, or the X-FORWARDED-FOR header removed.

Tags:

Matthew Wilkes (matthew-matthewwilkes) on 2011-11-02

Changed in zope2:
assignee:	nobody → Matthew Wilkes (matthew-matthewwilkes)

Revision history for this message

Colin Watson (cjwatson) wrote on 2019-10-23:

The zope2 project on Launchpad has been archived at the request of the Zope developers (see https://answers.launchpad.net/launchpad/+question/683589 and https://answers.launchpad.net/launchpad/+question/685285). If this bug is still relevant, please refile it at https://github.com/zopefoundation/zope2.

Changed in zope2:
status:	Triaged → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.