From a6a619e54f86f10eba8bc2b0c7ac92153a79e111 Mon Sep 17 00:00:00 2001 From: Marcin Paciulan Date: Wed, 23 May 2018 13:07:14 +0200 Subject: [PATCH] Added support for CSV x-forwarded-proto header in ProxyFix --- werkzeug/contrib/fixers.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/werkzeug/contrib/fixers.py b/werkzeug/contrib/fixers.py index d8d4f9113..86e977baa 100644 --- a/werkzeug/contrib/fixers.py +++ b/werkzeug/contrib/fixers.py @@ -133,7 +133,7 @@ def get_remote_addr(self, forwarded_for): def __call__(self, environ, start_response): getter = environ.get - forwarded_proto = getter('HTTP_X_FORWARDED_PROTO', '') + forwarded_proto = getter('HTTP_X_FORWARDED_PROTO', '').split(',') forwarded_for = getter('HTTP_X_FORWARDED_FOR', '').split(',') forwarded_host = getter('HTTP_X_FORWARDED_HOST', '') forwarded_port = getter('HTTP_X_FORWARDED_PORT', '') @@ -146,6 +146,7 @@ def __call__(self, environ, start_response): 'werkzeug.proxy_fix.orig_script_name': getter('SCRIPT_NAME'), }) forwarded_for = [x for x in [x.strip() for x in forwarded_for] if x] + forwarded_proto = [x for x in [x.strip() for x in forwarded_proto] if x] remote_addr = self.get_remote_addr(forwarded_for) if remote_addr is not None: environ['REMOTE_ADDR'] = remote_addr @@ -161,7 +162,7 @@ def __call__(self, environ, start_response): else: environ['SERVER_PORT'] = forwarded_port if forwarded_proto: - environ['wsgi.url_scheme'] = forwarded_proto + environ['wsgi.url_scheme'] = forwarded_proto[0] if forwarded_prefix: environ['SCRIPT_NAME'] = forwarded_prefix return self.app(environ, start_response)