mirror of
				https://github.com/django/django.git
				synced 2025-10-25 14:46:09 +00:00 
			
		
		
		
	[1.2.X] Fixed #11877 -- Documented that HttpRequest.get_host() fails behind multiple reverse proxies, and added an example middleware solution. Thanks to Tom Evans for the report, and arnav for the patch.
Backport of [14493] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@14494 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -189,16 +189,39 @@ Methods | |||||||
|  |  | ||||||
| .. method:: HttpRequest.get_host() | .. method:: HttpRequest.get_host() | ||||||
|  |  | ||||||
|    .. versionadded:: 1.0 |     .. versionadded:: 1.0 | ||||||
|  |  | ||||||
|    Returns the originating host of the request using information from the |     Returns the originating host of the request using information from the | ||||||
|    ``HTTP_X_FORWARDED_HOST`` and ``HTTP_HOST`` headers (in that order). If |     ``HTTP_X_FORWARDED_HOST`` and ``HTTP_HOST`` headers (in that order). If | ||||||
|    they don't provide a value, the method uses a combination of |     they don't provide a value, the method uses a combination of | ||||||
|    ``SERVER_NAME`` and ``SERVER_PORT`` as detailed in `PEP 333`_. |     ``SERVER_NAME`` and ``SERVER_PORT`` as detailed in `PEP 333`_. | ||||||
|  |  | ||||||
|    .. _PEP 333: http://www.python.org/dev/peps/pep-0333/ |     .. _PEP 333: http://www.python.org/dev/peps/pep-0333/ | ||||||
|  |  | ||||||
|  |     Example: ``"127.0.0.1:8000"`` | ||||||
|  |  | ||||||
|  |     .. note:: The :meth:`~HttpRequest.get_host()` method fails when the host is | ||||||
|  |         behind multiple proxies. One solution is to use middleware to rewrite | ||||||
|  |         the proxy headers, as in the following example:: | ||||||
|  |  | ||||||
|  |             class MultipleProxyMiddleware(object): | ||||||
|  |                 FORWARDED_FOR_FIELDS = [ | ||||||
|  |                     'HTTP_X_FORWARDED_FOR', | ||||||
|  |                     'HTTP_X_FORWARDED_HOST', | ||||||
|  |                     'HTTP_X_FORWARDED_SERVER', | ||||||
|  |                 ] | ||||||
|  |  | ||||||
|  |                 def process_request(self, request): | ||||||
|  |                     """ | ||||||
|  |                     Rewrites the proxy headers so that only the most | ||||||
|  |                     recent proxy is used. | ||||||
|  |                     """ | ||||||
|  |                     for field in self.FORWARDED_FOR_FIELDS: | ||||||
|  |                         if field in request.META: | ||||||
|  |                             if ',' in request.META[field]: | ||||||
|  |                                 parts = request.META[field].split(',') | ||||||
|  |                                 request.META[field] = parts[-1].strip() | ||||||
|  |  | ||||||
|    Example: ``"127.0.0.1:8000"`` |  | ||||||
|  |  | ||||||
| .. method:: HttpRequest.get_full_path() | .. method:: HttpRequest.get_full_path() | ||||||
|  |  | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user