Don't accidentally remove X-Forwarded-By if trusted

author: Bert JW Regeer <bertjw@regeer.org> 2018-12-02 04:34:32 -0700
committer: Bert JW Regeer <bertjw@regeer.org> 2018-12-02 18:02:26 -0700
commit: 2a89a1d00b1d487f46487d0617fbdb46e7c58a6e (patch)
tree: 6d80db8904fcaec5220bea3eee8fbbac986e6db5
parent: d6fbdbaf9c4a08572c535f7de8252dd64eddc210 (diff)
download: waitress-2a89a1d00b1d487f46487d0617fbdb46e7c58a6e.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/waitress/task.py b/waitress/task.py
index 9bd32af..22c69db 100644
--- a/waitress/task.py
+++ b/waitress/task.py
@@ -587,6 +587,11 @@ class WSGITask(Task):
                 forwarded_port = ""
                 warn_unspecified_behavior("X-Forwarded-Port")
 
+        if "x-forwarded-by" in trusted_proxy_headers:
+            # Waitress itself does not use X-Forwarded-By, but we can not
+            # remove it so it can get set in the environ
+            untrusted_headers.remove("X_FORWARDED_BY")
+
         if "forwarded" in trusted_proxy_headers:
             forwarded = headers.get("FORWARDED", None)
             untrusted_headers = PROXY_HEADERS - {"FORWARDED"}
author	Bert JW Regeer <bertjw@regeer.org>	2018-12-02 04:34:32 -0700
committer	Bert JW Regeer <bertjw@regeer.org>	2018-12-02 18:02:26 -0700
commit	2a89a1d00b1d487f46487d0617fbdb46e7c58a6e (patch)
tree	6d80db8904fcaec5220bea3eee8fbbac986e6db5
parent	d6fbdbaf9c4a08572c535f7de8252dd64eddc210 (diff)
download	waitress-2a89a1d00b1d487f46487d0617fbdb46e7c58a6e.tar.gz