X-Forwarded-For Proxy Fix - does not work with IPv6 Addresses

[hjensas]

X-Forwarded-For Proxy Fix does a host.split(":", 1)[1]. This does not work with IPv6 addresses using : separator.
For example splitting [fd00', 'fd00:fd00:0000::2]:13050/ would result in: ['[fd00', 'fd00:fd00:0000::2]:13050/'] and host is incorrectly set to [fd00' i.e only the first hextet of the IPv6 address.

[1] https://github.com/pallets/werkzeug/blob/main/src/werkzeug/middleware/proxy_fix.py#L176

Environment:

• Python version: Python 3.6.8
• Werkzeug version: python3-werkzeug-2.0.1-2.el8.noarch

[davidism]

I see you're already working on a fix. Instead of adding special handling for IPv6, you can change the whole x_host block to this. A similar change will work for x_port.

environ["HTTP_HOST"] = environ["SERVER_NAME"] = x_host

if ":" in x_host and not x_host.endswith("]"):
    environ["SERVER_NAME"], environ["SERVER_PORT"] = x_host.rsplit(":", 1)

[hjensas]

@davidism We need to handle 2001:db8::a]:8080 as well, so not x_host.endswith("]") can be problematic?

But, indeed using rsplit() helps making the code a bit easier to read.
WDYT about the latest update at: hjensas@04fb182

[davidism]

If the host has : but does end with ], then it's an IPv6 without a port, so the code shouldn't try to split the port.

[hjensas]

facpalm you are right. It makes sense now.