Commit 35c0e1e7 authored by Kazuhiko Shiozaki

fixup! fixup! ERP5Type/patches: use the first entry of HTTP_X_FORWARDED_FOR as...

fixup! fixup! ERP5Type/patches: use the first entry of HTTP_X_FORWARDED_FOR as the source IP address.
parent 2c484ab3
...@@ -138,8 +138,8 @@ def createServer(application, logger, **kw): ...@@ -138,8 +138,8 @@ def createServer(application, logger, **kw):
global server global server
server = create_server( server = create_server(
TransLogger(application, logger=logger), TransLogger(application, logger=logger),
trusted_proxy='*',
# We handle X-Forwarded-For by ourselves. See ERP5Type/patches/WSGITask.py. # We handle X-Forwarded-For by ourselves. See ERP5Type/patches/WSGITask.py.
# trusted_proxy='*',
# trusted_proxy_headers=('x-forwarded-for',), # trusted_proxy_headers=('x-forwarded-for',),
clear_untrusted_proxy_headers=True, clear_untrusted_proxy_headers=True,
**kw **kw
......
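Review bot: The `create_server(...)` call keeps `# trusted_proxy='*',` and `# trusted_proxy_headers=('x-forwarded-for',),` as commented-out keyword arguments (the +/- markers are lost in this rendering, so I am assuming the commented form is the new side). Commented-out options invite being re-enabled, and `trusted_proxy='*'` would make waitress accept forwarding headers from any peer, on top of the handling in ERP5Type/patches/WSGITask.py. I would drop the two dead lines and state the constraint instead, e.g. `# Do not set trusted_proxy: the client address is derived in ERP5Type/patches/WSGITask.py.` It would also help to say in that comment what `clear_untrusted_proxy_headers=True` is expected to do once no proxy is trusted; createServer's body continues outside the hunk.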
...@@ -3,35 +3,22 @@ ...@@ -3,35 +3,22 @@
import ZPublisher.HTTPRequest import ZPublisher.HTTPRequest
from waitress.task import WSGITask from waitress.task import WSGITask
WSGITask_parse_proxy_headers = WSGITask.parse_proxy_headers WSGITask_get_environment = WSGITask.get_environment
def parse_proxy_headers( def get_environment(self):
self,
environ,
headers,
trusted_proxy_count=1,
trusted_proxy_headers=None,
):
if ZPublisher.HTTPRequest.trusted_proxies == ('0.0.0.0',): # Magic value to enable this functionality if ZPublisher.HTTPRequest.trusted_proxies == ('0.0.0.0',): # Magic value to enable this functionality
# Frontend-facing proxy is responsible for sanitising # Frontend-facing proxy is responsible for sanitising
# X_FORWARDED_FOR, and only trusted accesses should bypass # X_FORWARDED_FOR, and only trusted accesses should bypass
# that proxy. So trust first entry. # that proxy. So trust first entry.
forwarded_for = headers.get('X_FORWARDED_FOR', '').split(',', 1)[0].strip() forwarded_for = dict(self.request.headers).get('X_FORWARDED_FOR', '').split(',', 1)[0].strip()
else: else:
forwarded_for = None forwarded_for = None
untrusted_headers = WSGITask_parse_proxy_headers( environ = WSGITask_get_environment(self)
self,
environ=environ,
headers=headers,
trusted_proxy_count=trusted_proxy_count,
trusted_proxy_headers=trusted_proxy_headers,
)
if forwarded_for: if forwarded_for:
environ['REMOTE_ADDR'] = forwarded_for environ['REMOTE_HOST'] = environ['REMOTE_ADDR'] = forwarded_for
return untrusted_headers return environ
WSGITask.parse_proxy_headers = parse_proxy_headers
WSGITask.get_environment = get_environment
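Review bot: In `get_environment`, the first `X_FORWARDED_FOR` entry is copied into both `REMOTE_ADDR` and `REMOTE_HOST` without checking that it is a syntactically valid IP address and without regard to which peer sent the request. The first entry is the part of the header a client can supply itself, so the value is only meaningful if the frontend proxy overwrites the header rather than appending to it, as the inline comment assumes; a request that reaches waitress without passing that proxy would determine its own source address in logs and IP-based rules. I would at least discard values that do not parse as an IP address (fall back to `forwarded_for = None`) and add a docstring stating the deployment assumption and the `('0.0.0.0',)` magic value that enables the behaviour. `dict(self.request.headers)` also copies the header mapping on every call; if `headers` is already a mapping, `self.request.headers.get('X_FORWARDED_FOR', '')` would be enough.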