-
-
Notifications
You must be signed in to change notification settings - Fork 756
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Add support for Fowarded header (RFC 7239) #2237
Comments
@nhairs Do you have any proposal on how we should implement this? Can we have the |
Per the code comments I left in my open PR, I initially thought this was the case. i.e. use the official headers if available otherwise fallback to the x-forwarded headers. But I suspect that such behaviour might introduce vulnerabilities into user's applications. It might be better to take a PEP20 "Explicit is better than implicit" approach which leads me to...
My gut feeling is that we're better off making users explicitly choose which headers they want to extract info from. Trying to support all of them from the commandline seems like a lot of work though. What about supporting Which leads to my suggestion on #2231: |
Makes sense to be explicit on what is supported. |
Maybe we can check how others are doing it? Are we going to pioneer this "choices"? |
Discussed in #2236
Originally posted by nhairs January 28, 2024
We should probably support the
Forwarded
header which was standardised in RFC 7239.One of the benefits of this header over
X-Forwarded-*
headers is that it supports including the port of the client rather than just the address.See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
Important
The text was updated successfully, but these errors were encountered: