diff options
author | Bert JW Regeer <bertjw@regeer.org> | 2018-12-02 04:34:32 -0700 |
---|---|---|
committer | Bert JW Regeer <bertjw@regeer.org> | 2018-12-02 18:02:26 -0700 |
commit | 2a89a1d00b1d487f46487d0617fbdb46e7c58a6e (patch) | |
tree | 6d80db8904fcaec5220bea3eee8fbbac986e6db5 | |
parent | d6fbdbaf9c4a08572c535f7de8252dd64eddc210 (diff) | |
download | waitress-2a89a1d00b1d487f46487d0617fbdb46e7c58a6e.tar.gz |
Don't accidentally remove X-Forwarded-By if trusted
-rw-r--r-- | waitress/task.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/waitress/task.py b/waitress/task.py index 9bd32af..22c69db 100644 --- a/waitress/task.py +++ b/waitress/task.py @@ -587,6 +587,11 @@ class WSGITask(Task): forwarded_port = "" warn_unspecified_behavior("X-Forwarded-Port") + if "x-forwarded-by" in trusted_proxy_headers: + # Waitress itself does not use X-Forwarded-By, but we can not + # remove it so it can get set in the environ + untrusted_headers.remove("X_FORWARDED_BY") + if "forwarded" in trusted_proxy_headers: forwarded = headers.get("FORWARDED", None) untrusted_headers = PROXY_HEADERS - {"FORWARDED"} |