scope["scheme"] is set to comma-separated list when such a value is present in the X-Forwarded-Proto header #2102
Replies: 2 comments
-
|
example of downstream problem which is caused by this: getsentry/sentry-python#2370 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
Kludex
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
The
X-Forwarded-Protoheader is underspecified, but may contain comma-separated values in the wild, see e.g. the CloudFoundry gorouterIf this is the case, the
scope["scheme"]will contain such comma-separated values. I think this is probably not what we want, as downstream users expect a single value here.This is where the copying from the header takes place:
https://github.com/encode/uvicorn/blob/e2a39792cc65e45d9ccc5a3908fc79aaa75b7b12/uvicorn/middleware/proxy_headers.py#L70
Compare how Django does this:
https://github.com/django/django/blob/main/django/http/request.py#L264
This seems to be a rather recent addition, the Django ticket contains more info about other projects with similar fixes.
https://code.djangoproject.com/ticket/33569
Beta Was this translation helpful? Give feedback.
All reactions