Raise bad request when receiving HTTP request from untrusted proxy #51839

merged 2 commits into from
Jun 17, 2021



@frenck frenck commented Jun 14, 2021

Breaking change

Home Assistant will now block HTTP requests when a misconfigured reverse proxy, or misconfigured Home Assistant instance when using a reverse proxy, has been detected.

If you are using a reverse proxy, please make sure you have configured use_x_forwarded_for and trusted_proxies in your HTTP integration configuration.

For more information, see the HTTP integration documentation.

Proposed change

Followup of #51332, now blocking requests from untrusted proxies by raising an HTTPBadRequest

Type of change

  • Dependency upgrade
  • Bugfix (non-breaking change which fixes an issue)
  • New integration (thank you!)
  • New feature (which adds functionality to an existing integration)
  • Breaking change (fix/feature causing existing functionality to break)
  • Code quality improvements to existing code or addition of tests

Additional information

  • This PR fixes or closes issue: fixes #
  • This PR is related to issue:
  • Link to documentation pull request:


  • The code change is tested and works locally.
  • Local tests pass. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.
  • I have followed the development checklist
  • The code has been formatted using Black (black --fast homeassistant tests)
  • Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

If the code communicates with devices, web services, or third-party tools:

  • The manifest file has all fields filled out correctly.
    Updated and included derived files by running: python3 -m script.hassfest.
  • New or updated dependencies have been added to requirements_all.txt.
    Updated by running python3 -m script.gen_requirements_all.
  • Untested files have been added to .coveragerc.

The integration reached or maintains the following Integration Quality Scale:

  • No score or internal
  • 馃 Silver
  • 馃 Gold
  • 馃弳 Platinum

To help with the load of incoming pull requests:

@frenck frenck marked this pull request as ready for review June 14, 2021 12:10
Dev automation moved this from Needs review to Reviewer approved Jun 17, 2021
@MartinHjelmare MartinHjelmare merged commit 33e08f3 into dev Jun 17, 2021
@MartinHjelmare MartinHjelmare deleted the frenck-2021-1783 branch June 17, 2021 02:41
Dev automation moved this from Reviewer approved to Done Jun 17, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Jun 18, 2021
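
The check this pull request describes, sketched as an added example (not Home Assistant's code and not part of the original conversation): a request carrying `X-Forwarded-For` is refused unless `use_x_forwarded_for` is enabled and the connecting peer is listed in `trusted_proxies`. The names `resolve_client_ip` and `BadRequest` (standing in for the `HTTPBadRequest` the pull request raises), the sample addresses, and the rightmost-untrusted-hop selection are assumptions.

```python
from ipaddress import ip_address, ip_network


class BadRequest(Exception):
    """Stand-in for an HTTP 400 response (hypothetical name)."""


def resolve_client_ip(peer_ip, headers, use_x_forwarded_for, trusted_proxies):
    """Return the address to attribute a request to, or raise BadRequest."""
    # Simplification: headers is a plain dict with one exact-case header value.
    peer = ip_address(peer_ip)
    forwarded = headers.get("X-Forwarded-For")
    if forwarded is None:
        return peer  # no proxy header: use the socket peer as-is

    # A forwarding header on an instance not configured for a proxy
    # means the deployment is misconfigured: refuse instead of guessing.
    if not use_x_forwarded_for:
        raise BadRequest("X-Forwarded-For received but use_x_forwarded_for is off")

    networks = [ip_network(net) for net in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in networks)

    # The header is only believable if the sender itself is a trusted proxy.
    if not is_trusted(peer):
        raise BadRequest(f"X-Forwarded-For received from untrusted proxy {peer}")

    try:
        hops = [ip_address(hop.strip()) for hop in forwarded.split(",")]
    except ValueError as err:
        raise BadRequest("malformed X-Forwarded-For header") from err

    # Assumed convention: walk from the hop nearest to us and take the
    # first address that is not one of our proxies; entries further left
    # are client-supplied and cannot be trusted.
    for hop in reversed(hops):
        if not is_trusted(hop):
            return hop
    return hops[0]  # every hop was a trusted proxy


# Constructed sample: proxy at 192.0.2.10, client at 203.0.113.7.
if __name__ == "__main__":
    hdr = {"X-Forwarded-For": "203.0.113.7"}
    print(resolve_client_ip("192.0.2.10", hdr, True, ["192.0.2.0/28"]))
```

Without the two rejections, any host that can reach the listener could set `X-Forwarded-For` itself and have its requests attributed to an address of its choosing.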