Trusted Proxies not available in WebOb
Bug #885016 reported by
Matthew Wilkes
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Zope 2 | Status tracked in 4.0 | |||||
4.0 |
Invalid
|
Undecided
|
Matthew Wilkes |
Bug Description
WebOb will, by default, trust the first X-FORWARDED-FOR header, if set. This is a regression compared to Zope 2.x's Trusted Proxies.
We need a WSGI Middleware that implements the trusted support, so if a proxy is untrusted the REMOTE_ADDR needs to either be added to the start of the X-FORWARDED-FOR if not there, or the X-FORWARDED-FOR header removed.
Changed in zope2: | |
assignee: | nobody → Matthew Wilkes (matthew-matthewwilkes) |
To post a comment you must log in.
The zope2 project on Launchpad has been archived at the request of the Zope developers (see https:/ /answers. launchpad. net/launchpad/ +question/ 683589 and https:/ /answers. launchpad. net/launchpad/ +question/ 685285). If this bug is still relevant, please refile it at https:/ /github. com/zopefoundat ion/zope2.