diff options
author | Gerhard Schmidt <estartu@augusta.de> | 2018-12-12 08:48:02 +0100 |
---|---|---|
committer | Gerhard Schmidt <estartu@augusta.de> | 2018-12-12 08:48:02 +0100 |
commit | aa84b388177d6bda96e85542a6d14c1976d6dcfe (patch) | |
tree | 07bd3596bf6627ec3c0ec1592a29f1890a3557f1 | |
parent | 8cfacc1914313d972ecdd133eda18b9b81aafd7f (diff) | |
download | waitress-aa84b388177d6bda96e85542a6d14c1976d6dcfe.tar.gz |
added any as valid value for the trusted_proxy adjustable
Backgound is when waitress is running inside a container, any
request is originates from the gateway of the container network, not
from the outside ip. The container network changes every time the
container is restarted to a random new network number. So setting one
IP as trusted_proxy isn't possible but still needed as most of the time
an reverse proxy is between the client an the container. So if it's
ensured that only requests from the reverse proxy can reach the
container, trusting any host is not a problem.
-rw-r--r-- | waitress/task.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/waitress/task.py b/waitress/task.py index 68aa69a..56315d2 100644 --- a/waitress/task.py +++ b/waitress/task.py @@ -791,7 +791,7 @@ class WSGITask(Task): headers = dict(request.headers) untrusted_headers = PROXY_HEADERS - if remote_peer == server.adj.trusted_proxy: + if server.adj.trusted_proxy == 'any' or remote_peer == server.adj.trusted_proxy: untrusted_headers = self.parse_proxy_headers( environ, headers, |