Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Allow X-Forwarded-Port header to override the default SERVER_PORT when reversing URLs #619

Closed
wants to merge 1 commit into from

2 participants

@jezdez
Owner

Thank you for the patch, closing this as wontfix though. See the ticket for reasons.

@jezdez jezdez closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 2, 2013
  1. @mattrobenolt
This page is out of date. Refresh to see the latest.
Showing with 19 additions and 1 deletion.
  1. +1 −1  django/http/request.py
  2. +18 −0 tests/regressiontests/requests/tests.py
View
2  django/http/request.py
@@ -60,7 +60,7 @@ def get_host(self):
else:
# Reconstruct the host using the algorithm from PEP 333.
host = self.META['SERVER_NAME']
- server_port = str(self.META['SERVER_PORT'])
+ server_port = str(self.META.get('HTTP_X_FORWARDED_PORT', self.META['SERVER_PORT']))
if server_port != ('443' if self.is_secure() else '80'):
host = '%s:%s' % (host, server_port)
View
18 tests/regressiontests/requests/tests.py
@@ -119,6 +119,24 @@ def test_http_get_host(self):
}
self.assertEqual(request.get_host(), 'internal.com:8042')
+ # Check if HTTP_HOST isn't provided, and X-FORWARDED-PORT is set
+ request = HttpRequest()
+ request.META = {
+ 'SERVER_NAME': 'internal.com',
+ 'SERVER_PORT': 8080,
+ 'HTTP_X_FORWARDED_PORT': 80,
+ }
+ self.assertEqual(request.get_host(), 'internal.com')
+
+ # Check if HTTP_HOST isn't provided, and X-FORWARDED-PORT is set to non-standard port
+ request = HttpRequest()
+ request.META = {
+ 'SERVER_NAME': 'internal.com',
+ 'SERVER_PORT': 8080,
+ 'HTTP_X_FORWARDED_PORT': 8042,
+ }
+ self.assertEqual(request.get_host(), 'internal.com:8042')
+
# Poisoned host headers are rejected as suspicious
legit_hosts = [
'example.com',
Something went wrong with that request. Please try again.