author Gerhard Schmidt <estartu@augusta.de> 2018-12-12 08:48:02 +0100
committer Gerhard Schmidt <estartu@augusta.de> 2018-12-12 08:48:02 +0100
commit aa84b388177d6bda96e85542a6d14c1976d6dcfe
tree 07bd3596bf6627ec3c0ec1592a29f1890a3557f1
parent 8cfacc1914313d972ecdd133eda18b9b81aafd7f
added any as valid value for the trusted_proxy adjustable
Background is when waitress is running inside a container, any request originates from the gateway of the container network, not from the outside IP. The container network changes every time the container is restarted to a random new network number. So setting one IP as trusted_proxy isn't possible but still needed as most of the time a reverse proxy is between the client and the container. So if it's ensured that only requests from the reverse proxy can reach the container, trusting any host is not a problem.
-rw-r--r-- waitress/task.py 2
1 files changed, 1 insertions, 1 deletions
diff --git a/waitress/task.py b/waitress/task.py
index 68aa69a..56315d2 100644
--- a/waitress/task.py
+++ b/waitress/task.py
@@ -791,7 +791,7 @@ class WSGITask(Task):
headers = dict(request.headers)
untrusted_headers = PROXY_HEADERS
- if remote_peer == server.adj.trusted_proxy:
+ if server.adj.trusted_proxy == 'any' or remote_peer == server.adj.trusted_proxy:
untrusted_headers = self.parse_proxy_headers(
environ,
headers,
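Review bot: The new `server.adj.trusted_proxy == 'any'` test on the changed `if` line skips the `remote_peer` comparison entirely, so with this value every connecting peer has its proxy headers handed to `self.parse_proxy_headers` instead of being treated as `PROXY_HEADERS` to distrust, and the only remaining safeguard is a network-level guarantee that this code cannot check. The diffstat shows only waitress/task.py changing, so nothing documents that precondition or exercises the new value: please add a documentation entry for `trusted_proxy` stating that 'any' is safe only when the listener is reachable solely from the reverse proxy, and a test that covers the 'any' case alongside the exact-match case. As a style point, the inline string literal `'any'` would be better as a named module-level constant, so the sentinel is defined once and cannot be confused with a host value.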