This repository has been archived by the owner on Feb 21, 2019. It is now read-only.

URL Scheme should be looked up from wsgi #53

Open
ghost opened this issue Feb 19, 2018 · 0 comments

ghost commented Feb 19, 2018

This code:

request.headers.get('X-Forwarded-Proto', 'http') == 'https'

Really should be checking against the wsgi.url_scheme. Just trusting HTTP headers from the client is generally not the best idea. If you want to use X-Forwarded-Proto you can still remap them as necessary in a WSGI middleware.
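One way to do the remapping suggested above, as an added example that is not code from this repository or from the issue author: a WSGI middleware copies X-Forwarded-Proto into `wsgi.url_scheme` only when the connecting peer is a trusted proxy, and the application checks `wsgi.url_scheme` alone. The class and function names, the loopback-only trusted proxy list and the sample environ values are assumptions made for illustration.

```python
import ipaddress

# Assumption: the only reverse proxy allowed to set X-Forwarded-Proto is on loopback.
TRUSTED_PROXIES = (ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128"))


class TrustedProxySchemeMiddleware:
    """Copy X-Forwarded-Proto into wsgi.url_scheme only for trusted peers."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def _peer_is_trusted(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # missing or malformed peer address: never trust
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        if self._peer_is_trusted(environ) and forwarded in ("http", "https"):
            environ["wsgi.url_scheme"] = forwarded
        # Drop the header either way so downstream code cannot consult it.
        environ.pop("HTTP_X_FORWARDED_PROTO", None)
        return self.app(environ, start_response)


def is_secure(environ):
    """Application-side check: scheme as set by the server or the middleware."""
    return environ["wsgi.url_scheme"] == "https"


def demo_app(environ, start_response):
    body = b"secure" if is_secure(environ) else b"insecure"
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]


def call(remote_addr, forwarded_proto, scheme="http"):
    """Drive the wrapped app with a constructed WSGI environ; return the body."""
    environ = {"REMOTE_ADDR": remote_addr, "wsgi.url_scheme": scheme,
               "HTTP_X_FORWARDED_PROTO": forwarded_proto}
    app = TrustedProxySchemeMiddleware(demo_app)
    return b"".join(app(environ, lambda status, headers: None))
```

A client connecting directly from 203.0.113.7 and sending `X-Forwarded-Proto: https` is still treated as plain HTTP, while the same header arriving through the loopback proxy is honoured.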
