Rename X-Forwarded- settings and add type annotation for env var support

davegaeddert · davegaeddert · commit 22f241a55c4b · 2026-01-07T10:47:07.000-06:00
diff --git a/plain/plain/http/request.py b/plain/plain/http/request.py
@@ -157,7 +157,7 @@ def host(self) -> str:
         property can safely return the host without any validation.
         """
         # We try three options, in order of decreasing preference.
-        if settings.USE_X_FORWARDED_HOST and ("HTTP_X_FORWARDED_HOST" in self.meta):
+        if settings.HTTP_X_FORWARDED_HOST and ("HTTP_X_FORWARDED_HOST" in self.meta):
             host = self.meta["HTTP_X_FORWARDED_HOST"]
         elif "HTTP_HOST" in self.meta:
             host = self.meta["HTTP_HOST"]
@@ -172,7 +172,7 @@ def host(self) -> str:
     @cached_property
     def port(self) -> str:
         """Return the port number for the request as a string."""
-        if settings.USE_X_FORWARDED_PORT and "HTTP_X_FORWARDED_PORT" in self.meta:
+        if settings.HTTP_X_FORWARDED_PORT and "HTTP_X_FORWARDED_PORT" in self.meta:
             port = self.meta["HTTP_X_FORWARDED_PORT"]
         else:
             port = self.meta["SERVER_PORT"]
@@ -182,13 +182,13 @@ def port(self) -> str:
     def client_ip(self) -> str:
         """Return the client's IP address.
 
-        If USE_X_FORWARDED_FOR is True, checks the X-Forwarded-For header first
+        If HTTP_X_FORWARDED_FOR is True, checks the X-Forwarded-For header first
         (using the first/leftmost IP). Otherwise returns REMOTE_ADDR directly.
 
-        Only enable USE_X_FORWARDED_FOR when behind a trusted proxy that
+        Only enable HTTP_X_FORWARDED_FOR when behind a trusted proxy that
         overwrites the X-Forwarded-For header.
         """
-        if settings.USE_X_FORWARDED_FOR:
+        if settings.HTTP_X_FORWARDED_FOR:
             if xff := self.headers.get("X-Forwarded-For"):
                 return xff.split(",")[0].strip()
         return self.meta["REMOTE_ADDR"]
diff --git a/plain/plain/runtime/global_settings.py b/plain/plain/runtime/global_settings.py
@@ -59,9 +59,9 @@
 # Whether to use the X-Forwarded-Host, X-Forwarded-Port, and X-Forwarded-For
 # headers when determining the host, port, and client IP for the request.
 # Only enable these when behind a trusted proxy that overwrites these headers.
-USE_X_FORWARDED_HOST = False
-USE_X_FORWARDED_PORT = False
-USE_X_FORWARDED_FOR = False
+HTTP_X_FORWARDED_HOST: bool = False
+HTTP_X_FORWARDED_PORT: bool = False
+HTTP_X_FORWARDED_FOR: bool = False
 
 # A secret key for this particular Plain installation. Used in secret-key
 # hashing algorithms. Set this in your settings, or Plain will complain
