2018-12-22 15:21:45 +00:00
|
|
|
import logging
|
2017-03-03 16:44:50 +00:00
|
|
|
import os
|
|
|
|
import ssl
|
2019-04-23 22:44:42 +01:00
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
from json import dumps as json_dumps
|
|
|
|
from json import loads as json_loads
|
|
|
|
from urllib.parse import urlparse
|
2017-01-31 01:04:51 +00:00
|
|
|
|
|
|
|
import pytest
|
|
|
|
|
2021-01-28 07:22:22 +00:00
|
|
|
from sanic_testing.testing import (
|
2020-09-27 00:58:36 +01:00
|
|
|
ASGI_BASE_URL,
|
|
|
|
ASGI_HOST,
|
|
|
|
ASGI_PORT,
|
|
|
|
HOST,
|
|
|
|
PORT,
|
|
|
|
SanicTestClient,
|
|
|
|
)
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2021-01-28 07:22:22 +00:00
|
|
|
from sanic import Blueprint, Sanic
|
|
|
|
from sanic.exceptions import ServerError
|
|
|
|
from sanic.request import DEFAULT_HTTP_CONTENT_TYPE, Request, RequestParameters
|
|
|
|
from sanic.response import html, json, text
|
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
|
2016-10-14 11:23:48 +01:00
|
|
|
# ------------------------------------------------------------ #
|
|
|
|
# GET
|
|
|
|
# ------------------------------------------------------------ #
|
|
|
|
|
2016-10-15 03:53:49 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
def test_sync(app):
|
|
|
|
@app.route("/")
|
2016-10-15 03:53:49 +01:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Hello")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.text == "Hello"
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
|
2019-05-21 23:42:19 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_sync_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert response.text == "Hello"
|
|
|
|
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
def test_ip(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2017-10-24 05:01:44 +01:00
|
|
|
def handler(request):
|
2020-02-25 20:01:13 +00:00
|
|
|
return text(f"{request.ip}")
|
2017-10-24 05:01:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2017-10-24 05:01:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.text == "127.0.0.1"
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
|
2019-05-21 23:42:19 +01:00
|
|
|
@pytest.mark.asyncio
|
Streaming Server (#1876)
* Streaming request by async for.
* Make all requests streaming and preload body for non-streaming handlers.
* Cleanup of code and avoid mixing streaming responses.
* Async http protocol loop.
* Change of test: don't require early bad request error but only after CRLF-CRLF.
* Add back streaming requests.
* Rewritten request body parser.
* Misc. cleanup, down to 4 failing tests.
* All tests OK.
* Entirely remove request body queue.
* Let black f*ckup the layout
* Better testing error messages on protocol errors.
* Remove StreamBuffer tests because the type is about to be removed.
* Remove tests using the deprecated get_headers function that can no longer be supported. Chunked mode is now autodetected, so do not put content-length header if chunked mode is preferred.
* Major refactoring of HTTP protocol handling (new module http.py added), all requests made streaming. A few compatibility issues and a lot of cleanup to be done remain, 16 tests failing.
* Terminate check_timeouts once connection_task finishes.
* Code cleanup, 14 tests failing.
* Much cleanup, 12 failing...
* Even more cleanup and error checking, 8 failing tests.
* Remove keep-alive header from responses. First of all, it should say timeout=<value> which wasn't the case with existing implementation, and secondly none of the other web servers I tried include this header.
* Everything but CustomServer OK.
* Linter
* Disable custom protocol test
* Remove unnecessary variables, optimise performance.
* A test was missing that body_init/body_push/body_finish are never called. Rewritten using receive_body and case switching to make it fail if bypassed.
* Minor fixes.
* Remove unused code.
* Py 3.8 check for deprecated loop argument.
* Fix a middleware cancellation handling test with py38.
* Linter 'n fixes
* Typing
* Stricter handling of request header size
* More specific error messages on Payload Too Large.
* Init http.response = None
* Messages further tuned.
* Always try to consume request body, plus minor cleanup.
* Add a missing check in case of close_if_idle on a dead connection.
* Avoid error messages on PayloadTooLarge.
* Add test for new API.
* json takes str, not bytes
* Default to no maximum request size for streaming handlers.
* Fix chunked mode crash.
* Header values should be strictly ASCII but both UTF-8 and Latin-1 exist. Use UTF-8B to
cope with all.
* Refactoring and cleanup.
* Unify response header processing of ASGI and asyncio modes.
* Avoid special handling of StreamingHTTPResponse.
* 35 % speedup in HTTP/1.1 response formatting (not so much overall effect).
* Duplicate set-cookie headers were being produced.
* Cleanup processed_headers some more.
* Linting
* Import ordering
* Response middleware ran by async request.respond().
* Need to check if transport is closing to avoid getting stuck in sending loops after peer has disconnected.
* Middleware and error handling refactoring.
* Linter
* Fix tracking of HTTP stage when writing to transport fails.
* Add clarifying comment
* Add a check for request body functions and a test for NotImplementedError.
* Linter and typing
* These must be tuples + hack mypy warnings away.
* New streaming test and minor fixes.
* Constant receive buffer size.
* 256 KiB send and receive buffers.
* Revert "256 KiB send and receive buffers."
This reverts commit abc1e3edb21a5e6925fa4c856657559608a8d65b.
* app.handle_exception already sends the response.
* Improved handling of errors during request.
* An odd hack to avoid an httpx limitation that causes test failures.
* Limit request header size to 8 KiB at most.
* Remove unnecessary use of format string.
* Cleanup tests
* Remove artifact
* Fix type checking
* Mark test for skipping
* Cleanup some edge cases
* Add ignore_body flag to safe methods
* Add unit tests for timeout logic
* Add unit tests for timeout logic
* Fix Mock usage in timeout test
* Change logging test to only logger in handler
* Windows py3.8 logging issue with current testing client
* Add test_header_size_exceeded
* Resolve merge conflicts
* Add request middleware to hard exception handling
* Add request middleware to hard exception handling
* Request middleware on exception handlers
* Linting
* Cleanup deprecations
Co-authored-by: L. Kärkkäinen <tronic@users.noreply.github.com>
Co-authored-by: Adam Hopkins <admhpkns@gmail.com>
2021-01-10 22:45:36 +00:00
|
|
|
async def test_url_asgi(app):
|
2019-05-21 23:42:19 +01:00
|
|
|
@app.route("/")
|
|
|
|
def handler(request):
|
2020-02-25 20:01:13 +00:00
|
|
|
return text(f"{request.url}")
|
2019-05-21 23:42:19 +01:00
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
2020-09-27 00:58:36 +01:00
|
|
|
if response.text.endswith("/") and not ASGI_BASE_URL.endswith("/"):
|
|
|
|
response.text[:-1] == ASGI_BASE_URL
|
|
|
|
else:
|
|
|
|
assert response.text == ASGI_BASE_URL
|
2019-05-21 23:42:19 +01:00
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_text(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-10-15 03:53:49 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Hello")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.text == "Hello"
|
2016-10-14 11:23:48 +01:00
|
|
|
|
|
|
|
|
More robust response datatype handling (#1674)
* HTTP1 header formatting moved to headers.format_headers and rewritten.
- New implementation is one line of code and twice faster than the old one.
- Whole header block encoded to UTF-8 in one pass.
- No longer supports custom encode method on header values.
- Cookie objects now have __str__ in addition to encode, to work with this.
* Linter
* format_http1_response
* Replace encode_body with faster implementation based on f-string.
Benchmarks:
def encode_body(data):
try:
# Try to encode it regularly
return data.encode()
except AttributeError:
# Convert it to a str if you can't
return str(data).encode()
def encode_body2(data):
return f"{data}".encode()
def encode_body3(data):
return str(data).encode()
data_str, data_int = "foo", 123
%timeit encode_body(data_int)
928 ns ± 2.96 ns per loop (mean ± std. dev. of 7 runs, 1000000 loops each)
%timeit encode_body2(data_int)
280 ns ± 2.09 ns per loop (mean ± std. dev. of 7 runs, 1000000 loops each)
%timeit encode_body3(data_int)
387 ns ± 1.7 ns per loop (mean ± std. dev. of 7 runs, 1000000 loops each)
%timeit encode_body(data_str)
202 ns ± 1.9 ns per loop (mean ± std. dev. of 7 runs, 1000000 loops each)
%timeit encode_body2(data_str)
197 ns ± 0.507 ns per loop (mean ± std. dev. of 7 runs, 10000000 loops each)
%timeit encode_body3(data_str)
313 ns ± 1.28 ns per loop (mean ± std. dev. of 7 runs, 1000000 loops each)
* Wtf linter
* Content-type fixes.
* Body encoding sanitation, first pass.
- body/data type autodetection fixed.
- do not repr(body).encode() bytes-ish values.
- support __html__ and _repr_html_ in sanic.response.html().
* <any type>-to-str response autoconversion limited to sanic.response.text() only.
* Workaround MyPy issue.
* Add an empty line to make isort happy.
* Add html test for __html__ and _repr_html_.
* Remove StreamingHTTPResponse.get_headers helper function.
* Add back HTTPResponse Keep-Alive removed by earlier merge or something.
* Revert "Remove StreamingHTTPResponse.get_headers helper function."
Tests depend on this otherwise useless function.
This reverts commit 9651e6ae017b61bed6dd88af6631cdd6b01eb347.
* Add deprecation warnings; instead of assert for wrong HTTP version, and for non-string response.text.
* Add back missing import.
* Avoid duplicate response header tweaking code.
* Linter errors
2020-01-20 16:34:32 +00:00
|
|
|
def test_html(app):
|
|
|
|
class Foo:
|
|
|
|
def __html__(self):
|
|
|
|
return "<h1>Foo</h1>"
|
|
|
|
|
|
|
|
def _repr_html_(self):
|
|
|
|
return "<h1>Foo object repr</h1>"
|
|
|
|
|
|
|
|
class Bar:
|
|
|
|
def _repr_html_(self):
|
|
|
|
return "<h1>Bar object repr</h1>"
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return html("<h1>Hello</h1>")
|
|
|
|
|
|
|
|
@app.route("/foo")
|
|
|
|
async def handler(request):
|
|
|
|
return html(Foo())
|
|
|
|
|
|
|
|
@app.route("/bar")
|
|
|
|
async def handler(request):
|
|
|
|
return html(Bar())
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
assert response.content_type == "text/html; charset=utf-8"
|
|
|
|
assert response.text == "<h1>Hello</h1>"
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/foo")
|
|
|
|
assert response.text == "<h1>Foo</h1>"
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/bar")
|
|
|
|
assert response.text == "<h1>Bar object repr</h1>"
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_text_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert response.text == "Hello"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_headers(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-12-14 05:24:26 +00:00
|
|
|
async def handler(request):
|
|
|
|
headers = {"spam": "great"}
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Hello", headers=headers)
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.headers.get("spam") == "great"
|
2016-12-14 05:24:26 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_headers_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
headers = {"spam": "great"}
|
|
|
|
return text("Hello", headers=headers)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert response.headers.get("spam") == "great"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_non_str_headers(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-12-14 05:24:26 +00:00
|
|
|
async def handler(request):
|
|
|
|
headers = {"answer": 42}
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Hello", headers=headers)
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.headers.get("answer") == "42"
|
Fix sanic_endpoint_test working with redirects
Before fix, it raises error like:
```
tests/test_utils.py F
================================= FAILURES =================================
______________________________ test_redirect _______________________________
app = <sanic.sanic.Sanic object at 0x1045fda20>, method = 'get', uri = '/1', gather_request = True, debug = False
server_kwargs = {}, request_args = (), request_kwargs = {}
_collect_request = <function sanic_endpoint_test.<locals>._collect_request at 0x1045ec950>
_collect_response = <function sanic_endpoint_test.<locals>._collect_response at 0x1045ec7b8>
def sanic_endpoint_test(app, method='get', uri='/', gather_request=True,
debug=False, server_kwargs={},
*request_args, **request_kwargs):
results = []
exceptions = []
if gather_request:
def _collect_request(request):
results.append(request)
app.request_middleware.appendleft(_collect_request)
async def _collect_response(sanic, loop):
try:
response = await local_request(method, uri, *request_args,
**request_kwargs)
results.append(response)
except Exception as e:
exceptions.append(e)
app.stop()
app.run(host=HOST, debug=debug, port=PORT,
after_start=_collect_response, **server_kwargs)
if exceptions:
raise ValueError("Exception during request: {}".format(exceptions))
if gather_request:
try:
> request, response = results
E ValueError: too many values to unpack (expected 2)
sanic/utils.py:47: ValueError
During handling of the above exception, another exception occurred:
utils_app = <sanic.sanic.Sanic object at 0x1045fda20>
def test_redirect(utils_app):
"""Test sanic_endpoint_test is working for redirection"""
> request, response = sanic_endpoint_test(utils_app, uri='/1')
tests/test_utils.py:33:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
app = <sanic.sanic.Sanic object at 0x1045fda20>, method = 'get', uri = '/1', gather_request = True, debug = False
server_kwargs = {}, request_args = (), request_kwargs = {}
_collect_request = <function sanic_endpoint_test.<locals>._collect_request at 0x1045ec950>
_collect_response = <function sanic_endpoint_test.<locals>._collect_response at 0x1045ec7b8>
def sanic_endpoint_test(app, method='get', uri='/', gather_request=True,
debug=False, server_kwargs={},
*request_args, **request_kwargs):
results = []
exceptions = []
if gather_request:
def _collect_request(request):
results.append(request)
app.request_middleware.appendleft(_collect_request)
async def _collect_response(sanic, loop):
try:
response = await local_request(method, uri, *request_args,
**request_kwargs)
results.append(response)
except Exception as e:
exceptions.append(e)
app.stop()
app.run(host=HOST, debug=debug, port=PORT,
after_start=_collect_response, **server_kwargs)
if exceptions:
raise ValueError("Exception during request: {}".format(exceptions))
if gather_request:
try:
request, response = results
return request, response
except:
raise ValueError(
"Request and response object expected, got ({})".format(
> results))
E ValueError: Request and response object expected, got ([{}, {}, {}, <ClientResponse(http://127.0.0.1:42101/3) [200 OK]>
E <CIMultiDictProxy('Content-Type': 'text/plain; charset=utf-8', 'Content-Length': '2', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=1')>
E ])
sanic/utils.py:52: ValueError
```
2017-02-02 09:51:33 +00:00
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_non_str_headers_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
headers = {"answer": 42}
|
|
|
|
return text("Hello", headers=headers)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert response.headers.get("answer") == "42"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_invalid_response(app):
|
2016-12-13 20:20:16 +00:00
|
|
|
@app.exception(ServerError)
|
|
|
|
def handler_exception(request, exception):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Internal Server Error.", 500)
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-12-13 20:20:16 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return "This should fail"
|
2016-12-13 20:20:16 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-12-13 20:20:16 +00:00
|
|
|
assert response.status == 500
|
|
|
|
assert response.text == "Internal Server Error."
|
Fix sanic_endpoint_test working with redirects
Before fix, it raises error like:
```
tests/test_utils.py F
================================= FAILURES =================================
______________________________ test_redirect _______________________________
app = <sanic.sanic.Sanic object at 0x1045fda20>, method = 'get', uri = '/1', gather_request = True, debug = False
server_kwargs = {}, request_args = (), request_kwargs = {}
_collect_request = <function sanic_endpoint_test.<locals>._collect_request at 0x1045ec950>
_collect_response = <function sanic_endpoint_test.<locals>._collect_response at 0x1045ec7b8>
def sanic_endpoint_test(app, method='get', uri='/', gather_request=True,
debug=False, server_kwargs={},
*request_args, **request_kwargs):
results = []
exceptions = []
if gather_request:
def _collect_request(request):
results.append(request)
app.request_middleware.appendleft(_collect_request)
async def _collect_response(sanic, loop):
try:
response = await local_request(method, uri, *request_args,
**request_kwargs)
results.append(response)
except Exception as e:
exceptions.append(e)
app.stop()
app.run(host=HOST, debug=debug, port=PORT,
after_start=_collect_response, **server_kwargs)
if exceptions:
raise ValueError("Exception during request: {}".format(exceptions))
if gather_request:
try:
> request, response = results
E ValueError: too many values to unpack (expected 2)
sanic/utils.py:47: ValueError
During handling of the above exception, another exception occurred:
utils_app = <sanic.sanic.Sanic object at 0x1045fda20>
def test_redirect(utils_app):
"""Test sanic_endpoint_test is working for redirection"""
> request, response = sanic_endpoint_test(utils_app, uri='/1')
tests/test_utils.py:33:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
app = <sanic.sanic.Sanic object at 0x1045fda20>, method = 'get', uri = '/1', gather_request = True, debug = False
server_kwargs = {}, request_args = (), request_kwargs = {}
_collect_request = <function sanic_endpoint_test.<locals>._collect_request at 0x1045ec950>
_collect_response = <function sanic_endpoint_test.<locals>._collect_response at 0x1045ec7b8>
def sanic_endpoint_test(app, method='get', uri='/', gather_request=True,
debug=False, server_kwargs={},
*request_args, **request_kwargs):
results = []
exceptions = []
if gather_request:
def _collect_request(request):
results.append(request)
app.request_middleware.appendleft(_collect_request)
async def _collect_response(sanic, loop):
try:
response = await local_request(method, uri, *request_args,
**request_kwargs)
results.append(response)
except Exception as e:
exceptions.append(e)
app.stop()
app.run(host=HOST, debug=debug, port=PORT,
after_start=_collect_response, **server_kwargs)
if exceptions:
raise ValueError("Exception during request: {}".format(exceptions))
if gather_request:
try:
request, response = results
return request, response
except:
raise ValueError(
"Request and response object expected, got ({})".format(
> results))
E ValueError: Request and response object expected, got ([{}, {}, {}, <ClientResponse(http://127.0.0.1:42101/3) [200 OK]>
E <CIMultiDictProxy('Content-Type': 'text/plain; charset=utf-8', 'Content-Length': '2', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=1')>
E ])
sanic/utils.py:52: ValueError
```
2017-02-02 09:51:33 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_invalid_response_asgi(app):
|
|
|
|
@app.exception(ServerError)
|
|
|
|
def handler_exception(request, exception):
|
|
|
|
return text("Internal Server Error.", 500)
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return "This should fail"
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert response.status == 500
|
|
|
|
assert response.text == "Internal Server Error."
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_json(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-10-15 03:53:49 +01:00
|
|
|
async def handler(request):
|
|
|
|
return json({"test": True})
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2017-03-06 08:33:34 +00:00
|
|
|
results = json_loads(response.text)
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert results.get("test") is True
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-02-01 16:51:51 +00:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_json_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return json({"test": True})
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
results = json_loads(response.text)
|
|
|
|
|
|
|
|
assert results.get("test") is True
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_empty_json(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2017-03-06 08:33:34 +00:00
|
|
|
async def handler(request):
|
2018-02-01 10:52:55 +00:00
|
|
|
assert request.json is None
|
2017-03-06 08:33:34 +00:00
|
|
|
return json(request.json)
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2017-03-06 08:33:34 +00:00
|
|
|
assert response.status == 200
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.text == "null"
|
2018-02-01 10:52:55 +00:00
|
|
|
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_empty_json_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
assert request.json is None
|
|
|
|
return json(request.json)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert response.status == 200
|
|
|
|
assert response.text == "null"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_invalid_json(app):
|
2019-12-21 03:23:52 +00:00
|
|
|
@app.post("/")
|
2016-12-08 04:33:56 +00:00
|
|
|
async def handler(request):
|
2017-03-06 08:33:34 +00:00
|
|
|
return json(request.json)
|
2016-12-08 04:33:56 +00:00
|
|
|
|
|
|
|
data = "I am not json"
|
2019-12-21 03:23:52 +00:00
|
|
|
request, response = app.test_client.post("/", data=data)
|
2016-12-08 04:33:56 +00:00
|
|
|
|
|
|
|
assert response.status == 400
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_invalid_json_asgi(app):
|
2019-12-21 03:23:52 +00:00
|
|
|
@app.post("/")
|
2019-06-04 08:58:00 +01:00
|
|
|
async def handler(request):
|
|
|
|
return json(request.json)
|
|
|
|
|
|
|
|
data = "I am not json"
|
2019-12-21 03:23:52 +00:00
|
|
|
request, response = await app.asgi_client.post("/", data=data)
|
2019-06-04 08:58:00 +01:00
|
|
|
|
|
|
|
assert response.status == 400
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_query_string(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-10-15 03:53:49 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2017-02-14 19:51:20 +00:00
|
|
|
request, response = app.test_client.get(
|
2018-12-30 11:18:06 +00:00
|
|
|
"/", params=[("test1", "1"), ("test2", "false"), ("test2", "true")]
|
|
|
|
)
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.args.get("test1") == "1"
|
|
|
|
assert request.args.get("test2") == "false"
|
2019-03-14 14:04:05 +00:00
|
|
|
assert request.args.getlist("test2") == ["false", "true"]
|
|
|
|
assert request.args.getlist("test1") == ["1"]
|
|
|
|
assert request.args.get("test3", default="My value") == "My value"
|
2016-10-14 11:23:48 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_query_string_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get(
|
|
|
|
"/", params=[("test1", "1"), ("test2", "false"), ("test2", "true")]
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.args.get("test1") == "1"
|
|
|
|
assert request.args.get("test2") == "false"
|
|
|
|
assert request.args.getlist("test2") == ["false", "true"]
|
|
|
|
assert request.args.getlist("test1") == ["1"]
|
|
|
|
assert request.args.get("test3", default="My value") == "My value"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_uri_template(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/foo/<id:int>/bar/<name:[A-z]+>")
|
2019-02-28 14:56:41 +00:00
|
|
|
async def handler(request, id, name):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2017-04-30 11:01:17 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/foo/123/bar/baz")
|
|
|
|
assert request.uri_template == "/foo/<id:int>/bar/<name:[A-z]+>"
|
2017-04-30 11:01:17 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_uri_template_asgi(app):
|
|
|
|
@app.route("/foo/<id:int>/bar/<name:[A-z]+>")
|
|
|
|
async def handler(request, id, name):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/foo/123/bar/baz")
|
|
|
|
assert request.uri_template == "/foo/<id:int>/bar/<name:[A-z]+>"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_token(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-12-26 11:48:53 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-12-26 11:48:53 +00:00
|
|
|
|
|
|
|
# uuid4 generated token.
|
2018-12-30 11:18:06 +00:00
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
2017-04-22 06:36:02 +01:00
|
|
|
headers = {
|
2018-12-30 11:18:06 +00:00
|
|
|
"content-type": "application/json",
|
2020-02-25 20:01:13 +00:00
|
|
|
"Authorization": f"{token}",
|
2017-04-22 06:36:02 +01:00
|
|
|
}
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2017-04-22 06:36:02 +01:00
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
2016-12-26 11:48:53 +00:00
|
|
|
headers = {
|
2018-12-30 11:18:06 +00:00
|
|
|
"content-type": "application/json",
|
2020-02-25 20:01:13 +00:00
|
|
|
"Authorization": f"Token {token}",
|
2016-12-26 11:48:53 +00:00
|
|
|
}
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2016-12-26 11:48:53 +00:00
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
2017-06-22 17:11:23 +01:00
|
|
|
headers = {
|
2018-12-30 11:18:06 +00:00
|
|
|
"content-type": "application/json",
|
2020-02-25 20:01:13 +00:00
|
|
|
"Authorization": f"Bearer {token}",
|
2017-06-22 17:11:23 +01:00
|
|
|
}
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2017-06-22 17:11:23 +01:00
|
|
|
|
2017-04-22 06:36:02 +01:00
|
|
|
assert request.token == token
|
|
|
|
|
2017-05-17 10:15:45 +01:00
|
|
|
# no Authorization headers
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "application/json"}
|
2017-05-17 10:15:45 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2017-05-17 10:15:45 +01:00
|
|
|
|
|
|
|
assert request.token is None
|
2017-04-22 06:36:02 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_token_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
# uuid4 generated token.
|
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
|
|
|
headers = {
|
|
|
|
"content-type": "application/json",
|
2020-02-25 20:01:13 +00:00
|
|
|
"Authorization": f"{token}",
|
2019-06-04 08:58:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
|
|
|
headers = {
|
|
|
|
"content-type": "application/json",
|
2020-02-25 20:01:13 +00:00
|
|
|
"Authorization": f"Token {token}",
|
2019-06-04 08:58:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
|
|
|
headers = {
|
|
|
|
"content-type": "application/json",
|
2020-02-25 20:01:13 +00:00
|
|
|
"Authorization": f"Bearer {token}",
|
2019-06-04 08:58:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
|
|
|
# no Authorization headers
|
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
|
|
|
|
assert request.token is None
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_content_type(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2017-06-08 04:48:07 +01:00
|
|
|
async def handler(request):
|
2017-06-09 01:25:22 +01:00
|
|
|
return text(request.content_type)
|
2017-06-08 04:48:07 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2017-06-08 04:48:07 +01:00
|
|
|
assert request.content_type == DEFAULT_HTTP_CONTENT_TYPE
|
2017-06-09 01:25:22 +01:00
|
|
|
assert response.text == DEFAULT_HTTP_CONTENT_TYPE
|
2017-06-08 04:48:07 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.content_type == "application/json"
|
|
|
|
assert response.text == "application/json"
|
2017-06-08 04:48:07 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_content_type_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.content_type)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert request.content_type == DEFAULT_HTTP_CONTENT_TYPE
|
|
|
|
assert response.text == DEFAULT_HTTP_CONTENT_TYPE
|
|
|
|
|
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.content_type == "application/json"
|
|
|
|
assert response.text == "application/json"
|
|
|
|
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
def test_standard_forwarded(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return json(request.forwarded)
|
|
|
|
|
|
|
|
# Without configured FORWARDED_SECRET, x-headers should be respected
|
|
|
|
app.config.PROXIES_COUNT = 1
|
|
|
|
app.config.REAL_IP_HEADER = "x-real-ip"
|
|
|
|
headers = {
|
|
|
|
"Forwarded": (
|
|
|
|
'for=1.1.1.1, for=injected;host="'
|
|
|
|
', for="[::2]";proto=https;host=me.tld;path="/app/";secret=mySecret'
|
2019-10-23 17:12:20 +01:00
|
|
|
",for=broken;;secret=b0rked"
|
|
|
|
", for=127.0.0.3;scheme=http;port=1234"
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
),
|
|
|
|
"X-Real-IP": "127.0.0.2",
|
|
|
|
"X-Forwarded-For": "127.0.1.1",
|
|
|
|
"X-Scheme": "ws",
|
2020-06-29 06:55:32 +01:00
|
|
|
"Host": "local.site",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2019-10-23 17:12:20 +01:00
|
|
|
assert response.json == {"for": "127.0.0.2", "proto": "ws"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert request.scheme == "ws"
|
2020-06-29 06:55:32 +01:00
|
|
|
assert request.server_name == "local.site"
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.server_port == 80
|
|
|
|
|
|
|
|
app.config.FORWARDED_SECRET = "mySecret"
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {
|
|
|
|
"for": "[::2]",
|
|
|
|
"proto": "https",
|
|
|
|
"host": "me.tld",
|
|
|
|
"path": "/app/",
|
2019-10-23 17:12:20 +01:00
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
assert request.remote_addr == "[::2]"
|
|
|
|
assert request.server_name == "me.tld"
|
|
|
|
assert request.scheme == "https"
|
|
|
|
assert request.server_port == 443
|
|
|
|
|
|
|
|
# Empty Forwarded header -> use X-headers
|
|
|
|
headers["Forwarded"] = ""
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2019-10-23 17:12:20 +01:00
|
|
|
assert response.json == {"for": "127.0.0.2", "proto": "ws"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
|
|
|
|
# Header present but not matching anything
|
|
|
|
request, response = app.test_client.get("/", headers={"Forwarded": "."})
|
|
|
|
assert response.json == {}
|
|
|
|
|
|
|
|
# Forwarded header present but no matching secret -> use X-headers
|
|
|
|
headers = {
|
2019-10-23 17:12:20 +01:00
|
|
|
"Forwarded": "for=1.1.1.1;secret=x, for=127.0.0.1",
|
|
|
|
"X-Real-IP": "127.0.0.2",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"for": "127.0.0.2"}
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
|
|
|
|
# Different formatting and hitting both ends of the header
|
|
|
|
headers = {"Forwarded": 'Secret="mySecret";For=127.0.0.4;Port=1234'}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {
|
|
|
|
"for": "127.0.0.4",
|
|
|
|
"port": 1234,
|
2019-10-23 17:12:20 +01:00
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Test escapes (modify this if you see anyone implementing quoted-pairs)
|
|
|
|
headers = {"Forwarded": 'for=test;quoted="\\,x=x;y=\\";secret=mySecret'}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {
|
|
|
|
"for": "test",
|
2019-10-23 17:12:20 +01:00
|
|
|
"quoted": "\\,x=x;y=\\",
|
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Secret insulated by malformed field #1
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=test;secret=mySecret;b0rked;proto=wss;"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"for": "test", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Secret insulated by malformed field #2
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=test;b0rked;secret=mySecret;proto=wss"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"proto": "wss", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Unexpected termination should not lose existing acceptable values
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "b0rked;secret=mySecret;proto=wss"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"proto": "wss", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Field normalization
|
|
|
|
headers = {
|
|
|
|
"Forwarded": 'PROTO=WSS;BY="CAFE::8000";FOR=unknown;PORT=X;HOST="A:2";'
|
2019-10-23 17:12:20 +01:00
|
|
|
'PATH="/With%20Spaces%22Quoted%22/sanicApp?key=val";SECRET=mySecret'
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {
|
|
|
|
"proto": "wss",
|
|
|
|
"by": "[cafe::8000]",
|
|
|
|
"host": "a:2",
|
|
|
|
"path": '/With Spaces"Quoted"/sanicApp?key=val',
|
|
|
|
"secret": "mySecret",
|
|
|
|
}
|
|
|
|
|
|
|
|
# Using "by" field as secret
|
|
|
|
app.config.FORWARDED_SECRET = "_proxySecret"
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=1.2.3.4; by=_proxySecret"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"for": "1.2.3.4", "by": "_proxySecret"}
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_standard_forwarded_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return json(request.forwarded)
|
|
|
|
|
|
|
|
# Without configured FORWARDED_SECRET, x-headers should be respected
|
|
|
|
app.config.PROXIES_COUNT = 1
|
|
|
|
app.config.REAL_IP_HEADER = "x-real-ip"
|
|
|
|
headers = {
|
|
|
|
"Forwarded": (
|
|
|
|
'for=1.1.1.1, for=injected;host="'
|
|
|
|
', for="[::2]";proto=https;host=me.tld;path="/app/";secret=mySecret'
|
2019-10-23 17:12:20 +01:00
|
|
|
",for=broken;;secret=b0rked"
|
|
|
|
", for=127.0.0.3;scheme=http;port=1234"
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
),
|
|
|
|
"X-Real-IP": "127.0.0.2",
|
|
|
|
"X-Forwarded-For": "127.0.1.1",
|
|
|
|
"X-Scheme": "ws",
|
|
|
|
}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
2019-10-23 17:12:20 +01:00
|
|
|
assert response.json() == {"for": "127.0.0.2", "proto": "ws"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert request.scheme == "ws"
|
2020-09-27 00:58:36 +01:00
|
|
|
assert request.server_port == ASGI_PORT
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
|
|
|
|
app.config.FORWARDED_SECRET = "mySecret"
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {
|
|
|
|
"for": "[::2]",
|
|
|
|
"proto": "https",
|
|
|
|
"host": "me.tld",
|
|
|
|
"path": "/app/",
|
2019-10-23 17:12:20 +01:00
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
assert request.remote_addr == "[::2]"
|
|
|
|
assert request.server_name == "me.tld"
|
|
|
|
assert request.scheme == "https"
|
|
|
|
assert request.server_port == 443
|
|
|
|
|
|
|
|
# Empty Forwarded header -> use X-headers
|
|
|
|
headers["Forwarded"] = ""
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
2019-10-23 17:12:20 +01:00
|
|
|
assert response.json() == {"for": "127.0.0.2", "proto": "ws"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
|
|
|
|
# Header present but not matching anything
|
2019-10-23 17:12:20 +01:00
|
|
|
request, response = await app.asgi_client.get(
|
|
|
|
"/", headers={"Forwarded": "."}
|
|
|
|
)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert response.json() == {}
|
|
|
|
|
|
|
|
# Forwarded header present but no matching secret -> use X-headers
|
|
|
|
headers = {
|
2019-10-23 17:12:20 +01:00
|
|
|
"Forwarded": "for=1.1.1.1;secret=x, for=127.0.0.1",
|
|
|
|
"X-Real-IP": "127.0.0.2",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"for": "127.0.0.2"}
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
|
|
|
|
# Different formatting and hitting both ends of the header
|
|
|
|
headers = {"Forwarded": 'Secret="mySecret";For=127.0.0.4;Port=1234'}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {
|
|
|
|
"for": "127.0.0.4",
|
|
|
|
"port": 1234,
|
2019-10-23 17:12:20 +01:00
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Test escapes (modify this if you see anyone implementing quoted-pairs)
|
|
|
|
headers = {"Forwarded": 'for=test;quoted="\\,x=x;y=\\";secret=mySecret'}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {
|
|
|
|
"for": "test",
|
2019-10-23 17:12:20 +01:00
|
|
|
"quoted": "\\,x=x;y=\\",
|
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Secret insulated by malformed field #1
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=test;secret=mySecret;b0rked;proto=wss;"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"for": "test", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Secret insulated by malformed field #2
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=test;b0rked;secret=mySecret;proto=wss"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"proto": "wss", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Unexpected termination should not lose existing acceptable values
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "b0rked;secret=mySecret;proto=wss"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"proto": "wss", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Field normalization
|
|
|
|
headers = {
|
|
|
|
"Forwarded": 'PROTO=WSS;BY="CAFE::8000";FOR=unknown;PORT=X;HOST="A:2";'
|
2019-10-23 17:12:20 +01:00
|
|
|
'PATH="/With%20Spaces%22Quoted%22/sanicApp?key=val";SECRET=mySecret'
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {
|
|
|
|
"proto": "wss",
|
|
|
|
"by": "[cafe::8000]",
|
|
|
|
"host": "a:2",
|
|
|
|
"path": '/With Spaces"Quoted"/sanicApp?key=val',
|
|
|
|
"secret": "mySecret",
|
|
|
|
}
|
|
|
|
|
|
|
|
# Using "by" field as secret
|
|
|
|
app.config.FORWARDED_SECRET = "_proxySecret"
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=1.2.3.4; by=_proxySecret"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"for": "1.2.3.4", "by": "_proxySecret"}
|
|
|
|
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
def test_remote_addr_with_two_proxies(app):
|
|
|
|
app.config.PROXIES_COUNT = 2
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.REAL_IP_HEADER = "x-real-ip"
|
2019-04-16 14:30:28 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2017-07-14 17:29:16 +01:00
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert response.text == "127.0.0.2"
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, 127.0.1.2"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, , ,,127.0.1.2"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
headers = {
|
|
|
|
"X-Forwarded-For": ", 127.0.2.2, , ,127.0.0.1, , ,,127.0.1.2"
|
|
|
|
}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_remote_addr_with_two_proxies_asgi(app):
|
|
|
|
app.config.PROXIES_COUNT = 2
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.REAL_IP_HEADER = "x-real-ip"
|
2019-06-04 08:58:00 +01:00
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert response.text == "127.0.0.2"
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, 127.0.1.2"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, , ,,127.0.1.2"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
|
|
|
|
|
|
|
headers = {
|
|
|
|
"X-Forwarded-For": ", 127.0.2.2, , ,127.0.0.1, , ,,127.0.1.2"
|
|
|
|
}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
|
|
|
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
def test_remote_addr_without_proxy(app):
|
|
|
|
app.config.PROXIES_COUNT = 0
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, 127.0.1.2"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_remote_addr_without_proxy_asgi(app):
|
|
|
|
app.config.PROXIES_COUNT = 0
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, 127.0.1.2"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
def test_remote_addr_custom_headers(app):
|
|
|
|
app.config.PROXIES_COUNT = 1
|
|
|
|
app.config.REAL_IP_HEADER = "Client-IP"
|
|
|
|
app.config.FORWARDED_FOR_HEADER = "Forwarded"
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "Forwarded": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.1.1"
|
|
|
|
assert response.text == "127.0.1.1"
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"Client-IP": "127.0.0.2", "Forwarded": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert response.text == "127.0.0.2"
|
|
|
|
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_remote_addr_custom_headers_asgi(app):
|
|
|
|
app.config.PROXIES_COUNT = 1
|
|
|
|
app.config.REAL_IP_HEADER = "Client-IP"
|
|
|
|
app.config.FORWARDED_FOR_HEADER = "Forwarded"
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "Forwarded": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.1.1"
|
|
|
|
assert response.text == "127.0.1.1"
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"Client-IP": "127.0.0.2", "Forwarded": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert response.text == "127.0.0.2"
|
|
|
|
|
|
|
|
|
2019-07-04 13:13:43 +01:00
|
|
|
def test_forwarded_scheme(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.PROXIES_COUNT = 1
|
2019-07-04 13:13:43 +01:00
|
|
|
request, response = app.test_client.get("/")
|
2019-07-08 08:33:33 +01:00
|
|
|
assert request.scheme == "http"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
2019-10-23 17:12:20 +01:00
|
|
|
"/",
|
|
|
|
headers={"X-Forwarded-For": "127.1.2.3", "X-Forwarded-Proto": "https"},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
|
|
|
assert request.scheme == "https"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
2019-10-23 17:12:20 +01:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"X-Forwarded-For": "127.1.2.3", "X-Scheme": "https"}
|
|
|
|
)
|
2019-07-08 08:33:33 +01:00
|
|
|
assert request.scheme == "https"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_match_info(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/api/v1/user/<user_id>/")
|
2017-06-17 17:47:58 +01:00
|
|
|
async def handler(request, user_id):
|
|
|
|
return json(request.match_info)
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/api/v1/user/sanic_user/")
|
2017-06-17 17:47:58 +01:00
|
|
|
|
|
|
|
assert request.match_info == {"user_id": "sanic_user"}
|
|
|
|
assert json_loads(response.text) == {"user_id": "sanic_user"}
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_match_info_asgi(app):
|
|
|
|
@app.route("/api/v1/user/<user_id>/")
|
|
|
|
async def handler(request, user_id):
|
|
|
|
return json(request.match_info)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/api/v1/user/sanic_user/")
|
|
|
|
|
|
|
|
assert request.match_info == {"user_id": "sanic_user"}
|
|
|
|
assert json_loads(response.text) == {"user_id": "sanic_user"}
|
|
|
|
|
|
|
|
|
2016-10-14 11:23:48 +01:00
|
|
|
# ------------------------------------------------------------ #
|
|
|
|
# POST
|
|
|
|
# ------------------------------------------------------------ #
|
|
|
|
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
def test_post_json(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
2016-10-15 03:53:49 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = {"test": "OK"}
|
|
|
|
headers = {"content-type": "application/json"}
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2017-02-23 02:36:08 +00:00
|
|
|
request, response = app.test_client.post(
|
2018-12-30 11:18:06 +00:00
|
|
|
"/", data=json_dumps(payload), headers=headers
|
|
|
|
)
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.json.get("test") == "OK"
|
|
|
|
assert request.json.get("test") == "OK" # for request.parsed_json
|
|
|
|
assert response.text == "OK"
|
2016-10-19 08:23:44 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_post_json_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = {"test": "OK"}
|
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=json_dumps(payload), headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.json.get("test") == "OK"
|
|
|
|
assert request.json.get("test") == "OK" # for request.parsed_json
|
|
|
|
assert response.text == "OK"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_post_form_urlencoded(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
2016-10-19 08:23:44 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = "test=OK"
|
|
|
|
headers = {"content-type": "application/x-www-form-urlencoded"}
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.form.get("test") == "OK"
|
|
|
|
assert request.form.get("test") == "OK" # For request.parsed_form
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_post_form_urlencoded_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = "test=OK"
|
|
|
|
headers = {"content-type": "application/x-www-form-urlencoded"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.form.get("test") == "OK"
|
|
|
|
assert request.form.get("test") == "OK" # For request.parsed_form
|
|
|
|
|
|
|
|
|
2017-07-10 20:29:47 +01:00
|
|
|
@pytest.mark.parametrize(
|
2018-12-30 11:18:06 +00:00
|
|
|
"payload",
|
|
|
|
[
|
|
|
|
"------sanic\r\n"
|
2018-10-22 21:25:38 +01:00
|
|
|
'Content-Disposition: form-data; name="test"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"------sanic\r\n"
|
2018-10-22 21:25:38 +01:00
|
|
|
'content-disposition: form-data; name="test"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
],
|
|
|
|
)
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_post_form_multipart_form_data(app, payload):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
2016-10-19 08:23:44 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "multipart/form-data; boundary=----sanic"}
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2017-02-23 02:36:08 +00:00
|
|
|
request, response = app.test_client.post(data=payload, headers=headers)
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.form.get("test") == "OK"
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.parametrize(
|
|
|
|
"payload",
|
|
|
|
[
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_post_form_multipart_form_data_asgi(app, payload):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=----sanic"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.form.get("test") == "OK"
|
|
|
|
|
|
|
|
|
2017-03-03 16:44:50 +00:00
|
|
|
@pytest.mark.parametrize(
|
2018-12-30 11:18:06 +00:00
|
|
|
"path,query,expected_url",
|
|
|
|
[
|
|
|
|
("/foo", "", "http://{}:{}/foo"),
|
|
|
|
("/bar/baz", "", "http://{}:{}/bar/baz"),
|
|
|
|
("/moo/boo", "arg1=val1", "http://{}:{}/moo/boo?arg1=val1"),
|
|
|
|
],
|
|
|
|
)
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_url_attributes_no_ssl(app, path, query, expected_url):
|
2017-03-03 16:44:50 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
app.add_route(handler, path)
|
|
|
|
|
2020-02-25 20:01:13 +00:00
|
|
|
request, response = app.test_client.get(path + f"?{query}")
|
2020-03-26 04:42:46 +00:00
|
|
|
assert request.url == expected_url.format(HOST, request.server_port)
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
parsed = urlparse(request.url)
|
|
|
|
|
|
|
|
assert parsed.scheme == request.scheme
|
|
|
|
assert parsed.path == request.path
|
|
|
|
assert parsed.query == request.query_string
|
2017-03-03 18:32:32 +00:00
|
|
|
assert parsed.netloc == request.host
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.parametrize(
|
|
|
|
"path,query,expected_url",
|
|
|
|
[
|
2020-09-27 00:58:36 +01:00
|
|
|
("/foo", "", "{}/foo"),
|
|
|
|
("/bar/baz", "", "{}/bar/baz"),
|
|
|
|
("/moo/boo", "arg1=val1", "{}/moo/boo?arg1=val1"),
|
2019-06-04 08:58:00 +01:00
|
|
|
],
|
|
|
|
)
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_url_attributes_no_ssl_asgi(app, path, query, expected_url):
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
app.add_route(handler, path)
|
|
|
|
|
2020-02-25 20:01:13 +00:00
|
|
|
request, response = await app.asgi_client.get(path + f"?{query}")
|
2020-09-27 00:58:36 +01:00
|
|
|
assert request.url == expected_url.format(ASGI_BASE_URL)
|
2019-06-04 08:58:00 +01:00
|
|
|
|
|
|
|
parsed = urlparse(request.url)
|
|
|
|
|
|
|
|
assert parsed.scheme == request.scheme
|
|
|
|
assert parsed.path == request.path
|
|
|
|
assert parsed.query == request.query_string
|
|
|
|
assert parsed.netloc == request.host
|
|
|
|
|
|
|
|
|
2017-03-03 16:44:50 +00:00
|
|
|
@pytest.mark.parametrize(
|
2018-12-30 11:18:06 +00:00
|
|
|
"path,query,expected_url",
|
|
|
|
[
|
|
|
|
("/foo", "", "https://{}:{}/foo"),
|
|
|
|
("/bar/baz", "", "https://{}:{}/bar/baz"),
|
|
|
|
("/moo/boo", "arg1=val1", "https://{}:{}/moo/boo?arg1=val1"),
|
|
|
|
],
|
|
|
|
)
|
2018-12-13 17:50:50 +00:00
|
|
|
def test_url_attributes_with_ssl_context(app, path, query, expected_url):
|
2017-03-03 16:44:50 +00:00
|
|
|
current_dir = os.path.dirname(os.path.realpath(__file__))
|
|
|
|
context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
|
|
|
|
context.load_cert_chain(
|
2018-12-30 11:18:06 +00:00
|
|
|
os.path.join(current_dir, "certs/selfsigned.cert"),
|
|
|
|
keyfile=os.path.join(current_dir, "certs/selfsigned.key"),
|
|
|
|
)
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
app.add_route(handler, path)
|
|
|
|
|
2020-03-26 04:42:46 +00:00
|
|
|
port = app.test_client.port
|
2017-03-03 16:44:50 +00:00
|
|
|
request, response = app.test_client.get(
|
2020-02-25 20:01:13 +00:00
|
|
|
f"https://{HOST}:{PORT}" + path + f"?{query}",
|
2018-12-30 11:18:06 +00:00
|
|
|
server_kwargs={"ssl": context},
|
|
|
|
)
|
2020-03-26 04:42:46 +00:00
|
|
|
assert request.url == expected_url.format(HOST, request.server_port)
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
parsed = urlparse(request.url)
|
|
|
|
|
|
|
|
assert parsed.scheme == request.scheme
|
|
|
|
assert parsed.path == request.path
|
|
|
|
assert parsed.query == request.query_string
|
2017-03-03 18:32:32 +00:00
|
|
|
assert parsed.netloc == request.host
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
|
2018-12-13 17:50:50 +00:00
|
|
|
@pytest.mark.parametrize(
|
2018-12-30 11:18:06 +00:00
|
|
|
"path,query,expected_url",
|
|
|
|
[
|
|
|
|
("/foo", "", "https://{}:{}/foo"),
|
|
|
|
("/bar/baz", "", "https://{}:{}/bar/baz"),
|
|
|
|
("/moo/boo", "arg1=val1", "https://{}:{}/moo/boo?arg1=val1"),
|
|
|
|
],
|
|
|
|
)
|
2018-12-13 17:50:50 +00:00
|
|
|
def test_url_attributes_with_ssl_dict(app, path, query, expected_url):
|
|
|
|
|
|
|
|
current_dir = os.path.dirname(os.path.realpath(__file__))
|
2018-12-30 11:18:06 +00:00
|
|
|
ssl_cert = os.path.join(current_dir, "certs/selfsigned.cert")
|
|
|
|
ssl_key = os.path.join(current_dir, "certs/selfsigned.key")
|
2018-12-13 17:50:50 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
ssl_dict = {"cert": ssl_cert, "key": ssl_key}
|
2018-12-13 17:50:50 +00:00
|
|
|
|
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-13 17:50:50 +00:00
|
|
|
|
|
|
|
app.add_route(handler, path)
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
2020-02-25 20:01:13 +00:00
|
|
|
f"https://{HOST}:{PORT}" + path + f"?{query}",
|
2018-12-30 11:18:06 +00:00
|
|
|
server_kwargs={"ssl": ssl_dict},
|
|
|
|
)
|
2020-03-26 04:42:46 +00:00
|
|
|
assert request.url == expected_url.format(HOST, request.server_port)
|
2018-12-13 17:50:50 +00:00
|
|
|
|
|
|
|
parsed = urlparse(request.url)
|
|
|
|
|
|
|
|
assert parsed.scheme == request.scheme
|
|
|
|
assert parsed.path == request.path
|
|
|
|
assert parsed.query == request.query_string
|
|
|
|
assert parsed.netloc == request.host
|
|
|
|
|
|
|
|
|
|
|
|
def test_invalid_ssl_dict(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/test")
|
2018-12-13 17:50:50 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("ssl test")
|
2018-12-13 17:50:50 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
ssl_dict = {"cert": None, "key": None}
|
2018-12-13 17:50:50 +00:00
|
|
|
|
|
|
|
with pytest.raises(ValueError) as excinfo:
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/test", server_kwargs={"ssl": ssl_dict}
|
|
|
|
)
|
2018-12-13 17:50:50 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert str(excinfo.value) == "SSLContext or certificate and key required."
|
2018-12-13 17:50:50 +00:00
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
def test_form_with_multiple_values(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
2018-11-10 11:20:30 +00:00
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = "selectedItems=v1&selectedItems=v2&selectedItems=v3"
|
2018-11-10 11:20:30 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "application/x-www-form-urlencoded"}
|
2018-11-10 11:20:30 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
assert request.form.getlist("selectedItems") == ["v1", "v2", "v3"]
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_form_with_multiple_values_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = "selectedItems=v1&selectedItems=v2&selectedItems=v3"
|
|
|
|
|
|
|
|
headers = {"content-type": "application/x-www-form-urlencoded"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.form.getlist("selectedItems") == ["v1", "v2", "v3"]
|
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
def test_request_string_representation(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["GET"])
|
2018-11-10 11:20:30 +00:00
|
|
|
async def get(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, _ = app.test_client.get("/")
|
2018-12-30 11:18:06 +00:00
|
|
|
assert repr(request) == "<Request: GET />"
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_string_representation_asgi(app):
|
|
|
|
@app.route("/", methods=["GET"])
|
|
|
|
async def get(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, _ = await app.asgi_client.get("/")
|
|
|
|
assert repr(request) == "<Request: GET />"
|
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
@pytest.mark.parametrize(
|
2019-02-28 14:55:32 +00:00
|
|
|
"payload,filename",
|
2018-12-30 11:18:06 +00:00
|
|
|
[
|
2019-04-23 22:44:42 +01:00
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename="filename"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename="filename"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename=""; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename=""; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename*="utf-8\'\'filename_%C2%A0_test"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename_\u00A0_test",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename*="utf-8\'\'filename_%C2%A0_test"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename_\u00A0_test",
|
|
|
|
),
|
2018-12-30 11:18:06 +00:00
|
|
|
],
|
|
|
|
)
|
2019-02-28 14:55:32 +00:00
|
|
|
def test_request_multipart_files(app, payload, filename):
|
2018-11-10 11:20:30 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "multipart/form-data; boundary=----sanic"}
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
request, _ = app.test_client.post(data=payload, headers=headers)
|
2019-02-28 14:55:32 +00:00
|
|
|
assert request.files.get("test").name == filename
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.parametrize(
|
|
|
|
"payload,filename",
|
|
|
|
[
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename="filename"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename="filename"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename=""; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename=""; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename*="utf-8\'\'filename_%C2%A0_test"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename_\u00A0_test",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename*="utf-8\'\'filename_%C2%A0_test"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename_\u00A0_test",
|
|
|
|
),
|
|
|
|
],
|
|
|
|
)
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_multipart_files_asgi(app, payload, filename):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=----sanic"}
|
|
|
|
|
|
|
|
request, _ = await app.asgi_client.post("/", data=payload, headers=headers)
|
|
|
|
assert request.files.get("test").name == filename
|
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
def test_request_multipart_file_with_json_content_type(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
payload = (
|
2018-12-30 11:18:06 +00:00
|
|
|
"------sanic\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'Content-Disposition: form-data; name="file"; filename="test.json"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"Content-Type: application/json\r\n"
|
|
|
|
"Content-Length: 0"
|
|
|
|
"\r\n"
|
|
|
|
"\r\n"
|
|
|
|
"------sanic--"
|
2018-12-22 15:21:45 +00:00
|
|
|
)
|
2018-11-10 11:20:30 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
request, _ = app.test_client.post(data=payload, headers=headers)
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.files.get("file").type == "application/json"
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_multipart_file_with_json_content_type_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; name="file"; filename="test.json"\r\n'
|
|
|
|
"Content-Type: application/json\r\n"
|
|
|
|
"Content-Length: 0"
|
|
|
|
"\r\n"
|
|
|
|
"\r\n"
|
|
|
|
"------sanic--"
|
|
|
|
)
|
|
|
|
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
|
|
|
|
|
|
|
request, _ = await app.asgi_client.post("/", data=payload, headers=headers)
|
|
|
|
assert request.files.get("file").type == "application/json"
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_multipart_file_without_field_name(app, caplog):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; filename="test.json"'
|
2018-12-30 11:18:06 +00:00
|
|
|
"\r\nContent-Type: application/json\r\n\r\n\r\n------sanic--"
|
2018-12-22 15:21:45 +00:00
|
|
|
)
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
|
|
|
|
|
|
|
request, _ = app.test_client.post(
|
|
|
|
data=payload, headers=headers, debug=True
|
|
|
|
)
|
|
|
|
with caplog.at_level(logging.DEBUG):
|
|
|
|
request.form
|
|
|
|
|
|
|
|
assert caplog.record_tuples[-1] == (
|
|
|
|
"sanic.root",
|
|
|
|
logging.DEBUG,
|
|
|
|
"Form-data field does not have a 'name' parameter "
|
|
|
|
"in the Content-Disposition header",
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
def test_request_multipart_file_duplicate_filed_name(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b\r\n"
|
|
|
|
'Content-Disposition: form-data; name="file"\r\n'
|
|
|
|
"Content-Type: application/octet-stream\r\n"
|
|
|
|
"Content-Length: 15\r\n"
|
|
|
|
"\r\n"
|
|
|
|
'{"test":"json"}\r\n'
|
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b\r\n"
|
|
|
|
'Content-Disposition: form-data; name="file"\r\n'
|
|
|
|
"Content-Type: application/octet-stream\r\n"
|
|
|
|
"Content-Length: 15\r\n"
|
|
|
|
"\r\n"
|
|
|
|
'{"test":"json2"}\r\n'
|
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b--\r\n"
|
|
|
|
)
|
|
|
|
|
|
|
|
headers = {
|
|
|
|
"Content-Type": "multipart/form-data; boundary=e73ffaa8b1b2472b8ec848de833cb05b"
|
|
|
|
}
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, _ = app.test_client.post(
|
|
|
|
data=payload, headers=headers, debug=True
|
|
|
|
)
|
2019-06-04 08:58:00 +01:00
|
|
|
assert request.form.getlist("file") == [
|
|
|
|
'{"test":"json"}',
|
|
|
|
'{"test":"json2"}',
|
|
|
|
]
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_multipart_file_duplicate_filed_name_asgi(app):
|
2018-12-22 15:21:45 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
2018-12-30 11:18:06 +00:00
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'Content-Disposition: form-data; name="file"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"Content-Type: application/octet-stream\r\n"
|
|
|
|
"Content-Length: 15\r\n"
|
|
|
|
"\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'{"test":"json"}\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'Content-Disposition: form-data; name="file"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"Content-Type: application/octet-stream\r\n"
|
|
|
|
"Content-Length: 15\r\n"
|
|
|
|
"\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'{"test":"json2"}\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b--\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
headers = {
|
2018-12-30 11:18:06 +00:00
|
|
|
"Content-Type": "multipart/form-data; boundary=e73ffaa8b1b2472b8ec848de833cb05b"
|
2018-12-22 15:21:45 +00:00
|
|
|
}
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
request, _ = await app.asgi_client.post("/", data=payload, headers=headers)
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.form.getlist("file") == [
|
|
|
|
'{"test":"json"}',
|
|
|
|
'{"test":"json2"}',
|
|
|
|
]
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
def test_request_multipart_with_multiple_files_and_type(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = (
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; name="file"; filename="test.json"'
|
|
|
|
"\r\nContent-Type: application/json\r\n\r\n\r\n"
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; name="file"; filename="some_file.pdf"\r\n'
|
|
|
|
"Content-Type: application/pdf\r\n\r\n\r\n------sanic--"
|
|
|
|
)
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
request, _ = app.test_client.post(data=payload, headers=headers)
|
2018-12-30 11:18:06 +00:00
|
|
|
assert len(request.files.getlist("file")) == 2
|
|
|
|
assert request.files.getlist("file")[0].type == "application/json"
|
|
|
|
assert request.files.getlist("file")[1].type == "application/pdf"
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_multipart_with_multiple_files_and_type_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; name="file"; filename="test.json"'
|
|
|
|
"\r\nContent-Type: application/json\r\n\r\n\r\n"
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; name="file"; filename="some_file.pdf"\r\n'
|
|
|
|
"Content-Type: application/pdf\r\n\r\n\r\n------sanic--"
|
|
|
|
)
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
|
|
|
|
|
|
|
request, _ = await app.asgi_client.post("/", data=payload, headers=headers)
|
|
|
|
assert len(request.files.getlist("file")) == 2
|
|
|
|
assert request.files.getlist("file")[0].type == "application/json"
|
|
|
|
assert request.files.getlist("file")[1].type == "application/pdf"
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_repr(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("pass")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
assert repr(request) == "<Request: GET />"
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
request.method = None
|
2019-01-16 16:24:11 +00:00
|
|
|
assert repr(request) == "<Request: None />"
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_repr_asgi(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert repr(request) == "<Request: GET />"
|
|
|
|
|
|
|
|
request.method = None
|
|
|
|
assert repr(request) == "<Request: None />"
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_bool(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("pass")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
assert bool(request)
|
|
|
|
|
|
|
|
|
|
|
|
def test_request_parsing_form_failed(app, caplog):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
2018-12-22 15:21:45 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = "test=OK"
|
|
|
|
headers = {"content-type": "multipart/form-data"}
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
with caplog.at_level(logging.ERROR):
|
|
|
|
request.form
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert caplog.record_tuples[-1] == (
|
|
|
|
"sanic.error",
|
|
|
|
logging.ERROR,
|
|
|
|
"Failed when parsing form",
|
|
|
|
)
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_parsing_form_failed_asgi(app, caplog):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = "test=OK"
|
|
|
|
headers = {"content-type": "multipart/form-data"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
with caplog.at_level(logging.ERROR):
|
|
|
|
request.form
|
|
|
|
|
|
|
|
assert caplog.record_tuples[-1] == (
|
|
|
|
"sanic.error",
|
|
|
|
logging.ERROR,
|
|
|
|
"Failed when parsing form",
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_args_no_query_string(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("pass")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
assert request.args == {}
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_args_no_query_string_await(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert request.args == {}
|
|
|
|
|
|
|
|
|
2019-03-14 14:04:05 +00:00
|
|
|
def test_request_query_args(app):
|
|
|
|
# test multiple params with the same key
|
2019-04-23 22:44:42 +01:00
|
|
|
params = [("test", "value1"), ("test", "value2")]
|
2019-03-14 14:04:05 +00:00
|
|
|
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/", params=params)
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test cached value
|
2019-04-23 22:44:42 +01:00
|
|
|
assert (
|
|
|
|
request.parsed_not_grouped_args[(False, False, "utf-8", "replace")]
|
|
|
|
== request.query_args
|
|
|
|
)
|
2019-03-14 14:04:05 +00:00
|
|
|
|
|
|
|
# test params directly in the url
|
|
|
|
request, response = app.test_client.get("/?test=value1&test=value2")
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test unique params
|
2019-04-23 22:44:42 +01:00
|
|
|
params = [("test1", "value1"), ("test2", "value2")]
|
2019-03-14 14:04:05 +00:00
|
|
|
|
|
|
|
request, response = app.test_client.get("/", params=params)
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test no params
|
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
|
|
|
|
assert not request.query_args
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_query_args_asgi(app):
|
|
|
|
# test multiple params with the same key
|
|
|
|
params = [("test", "value1"), ("test", "value2")]
|
|
|
|
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", params=params)
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test cached value
|
|
|
|
assert (
|
|
|
|
request.parsed_not_grouped_args[(False, False, "utf-8", "replace")]
|
|
|
|
== request.query_args
|
|
|
|
)
|
|
|
|
|
|
|
|
# test params directly in the url
|
|
|
|
request, response = await app.asgi_client.get("/?test=value1&test=value2")
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test unique params
|
|
|
|
params = [("test1", "value1"), ("test2", "value2")]
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", params=params)
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test no params
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert not request.query_args
|
|
|
|
|
|
|
|
|
2019-03-14 14:04:05 +00:00
|
|
|
def test_request_query_args_custom_parsing(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/?test1=value1&test2=&test3=value3"
|
|
|
|
)
|
2019-03-14 14:04:05 +00:00
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
assert request.get_query_args(keep_blank_values=True) == [
|
|
|
|
("test1", "value1"),
|
|
|
|
("test2", ""),
|
|
|
|
("test3", "value3"),
|
2019-03-14 14:04:05 +00:00
|
|
|
]
|
2019-04-23 22:44:42 +01:00
|
|
|
assert request.query_args == [("test1", "value1"), ("test3", "value3")]
|
|
|
|
assert request.get_query_args(keep_blank_values=False) == [
|
|
|
|
("test1", "value1"),
|
|
|
|
("test3", "value3"),
|
2019-03-14 14:04:05 +00:00
|
|
|
]
|
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
assert request.get_args(keep_blank_values=True) == RequestParameters(
|
2019-03-14 14:04:05 +00:00
|
|
|
{"test1": ["value1"], "test2": [""], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.args == RequestParameters(
|
|
|
|
{"test1": ["value1"], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
assert request.get_args(keep_blank_values=False) == RequestParameters(
|
2019-03-14 14:04:05 +00:00
|
|
|
{"test1": ["value1"], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_query_args_custom_parsing_asgi(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get(
|
|
|
|
"/?test1=value1&test2=&test3=value3"
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.get_query_args(keep_blank_values=True) == [
|
|
|
|
("test1", "value1"),
|
|
|
|
("test2", ""),
|
|
|
|
("test3", "value3"),
|
|
|
|
]
|
|
|
|
assert request.query_args == [("test1", "value1"), ("test3", "value3")]
|
|
|
|
assert request.get_query_args(keep_blank_values=False) == [
|
|
|
|
("test1", "value1"),
|
|
|
|
("test3", "value3"),
|
|
|
|
]
|
|
|
|
|
|
|
|
assert request.get_args(keep_blank_values=True) == RequestParameters(
|
|
|
|
{"test1": ["value1"], "test2": [""], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.args == RequestParameters(
|
|
|
|
{"test1": ["value1"], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.get_args(keep_blank_values=False) == RequestParameters(
|
|
|
|
{"test1": ["value1"], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_cookies(app):
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
cookies = {"test": "OK"}
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", cookies=cookies)
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
assert request.cookies == cookies
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.cookies == cookies # For request._cookies
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_cookies_asgi(app):
|
|
|
|
|
|
|
|
cookies = {"test": "OK"}
|
|
|
|
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", cookies=cookies)
|
|
|
|
|
|
|
|
assert request.cookies == cookies
|
|
|
|
assert request.cookies == cookies # For request._cookies
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_cookies_without_cookies(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
assert request.cookies == {}
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_cookies_without_cookies_asgi(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert request.cookies == {}
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_port(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
port = request.port
|
|
|
|
assert isinstance(port, int)
|
|
|
|
|
2020-06-29 06:55:32 +01:00
|
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_port_asgi(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
port = request.port
|
|
|
|
assert isinstance(port, int)
|
|
|
|
|
|
|
|
|
|
|
|
def test_request_socket(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
socket = request.socket
|
|
|
|
assert isinstance(socket, tuple)
|
|
|
|
|
|
|
|
ip = socket[0]
|
|
|
|
port = socket[1]
|
|
|
|
|
|
|
|
assert ip == request.ip
|
|
|
|
assert port == request.port
|
|
|
|
|
|
|
|
|
2019-07-04 13:13:43 +01:00
|
|
|
def test_request_server_name(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/")
|
2019-07-08 08:33:33 +01:00
|
|
|
assert request.server_name == "127.0.0.1"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
def test_request_server_name_in_host_header(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
"/", headers={"Host": "my-server:5555"}
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.server_name == "my-server"
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"Host": "[2a00:1450:400f:80c::200e]:5555"}
|
|
|
|
)
|
|
|
|
assert request.server_name == "[2a00:1450:400f:80c::200e]"
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"Host": "mal_formed"}
|
|
|
|
)
|
2020-06-29 06:55:32 +01:00
|
|
|
assert request.server_name == ""
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
def test_request_server_name_forwarded(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.PROXIES_COUNT = 1
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/",
|
2019-10-23 17:12:20 +01:00
|
|
|
headers={
|
|
|
|
"Host": "my-server:5555",
|
|
|
|
"X-Forwarded-For": "127.1.2.3",
|
|
|
|
"X-Forwarded-Host": "your-server",
|
|
|
|
},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.server_name == "your-server"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
def test_request_server_port(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2020-03-26 04:42:46 +00:00
|
|
|
test_client = SanicTestClient(app)
|
|
|
|
request, response = test_client.get("/", headers={"Host": "my-server"})
|
2020-06-29 06:55:32 +01:00
|
|
|
assert request.server_port == 80
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
def test_request_server_port_in_host_header(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
"/", headers={"Host": "my-server:5555"}
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
2019-07-04 13:13:43 +01:00
|
|
|
assert request.server_port == 5555
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"Host": "[2a00:1450:400f:80c::200e]:5555"}
|
|
|
|
)
|
|
|
|
assert request.server_port == 5555
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"Host": "mal_formed:5555"}
|
|
|
|
)
|
2020-03-26 04:42:46 +00:00
|
|
|
if PORT is None:
|
|
|
|
assert request.server_port != 5555
|
|
|
|
else:
|
|
|
|
assert request.server_port == app.test_client.port
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
def test_request_server_port_forwarded(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.PROXIES_COUNT = 1
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
2019-10-23 17:12:20 +01:00
|
|
|
"/",
|
|
|
|
headers={
|
|
|
|
"Host": "my-server:5555",
|
|
|
|
"X-Forwarded-For": "127.1.2.3",
|
|
|
|
"X-Forwarded-Port": "4444",
|
|
|
|
},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
2019-07-04 13:13:43 +01:00
|
|
|
assert request.server_port == 4444
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_form_invalid_content_type(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.post("/", json={"test": "OK"})
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
assert request.form == {}
|
2018-12-31 11:40:07 +00:00
|
|
|
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
def test_server_name_and_url_for(app):
|
|
|
|
@app.get("/foo")
|
|
|
|
def handler(request):
|
|
|
|
return text("ok")
|
|
|
|
|
2020-06-29 06:55:32 +01:00
|
|
|
app.config.SERVER_NAME = "my-server" # This means default port
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert app.url_for("handler", _external=True) == "http://my-server/foo"
|
|
|
|
request, response = app.test_client.get("/foo")
|
2020-07-07 14:13:03 +01:00
|
|
|
assert request.url_for("handler") == f"http://my-server/foo"
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
|
|
|
|
app.config.SERVER_NAME = "https://my-server/path"
|
|
|
|
request, response = app.test_client.get("/foo")
|
|
|
|
url = f"https://my-server/path/foo"
|
|
|
|
assert app.url_for("handler", _external=True) == url
|
|
|
|
assert request.url_for("handler") == url
|
|
|
|
|
|
|
|
|
2019-07-04 13:13:43 +01:00
|
|
|
def test_url_for_with_forwarded_request(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
@app.get("/another_view/")
|
|
|
|
def view_name(request):
|
|
|
|
return text("OK")
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.SERVER_NAME = "my-server"
|
|
|
|
app.config.PROXIES_COUNT = 1
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
2019-10-23 17:12:20 +01:00
|
|
|
"/",
|
|
|
|
headers={
|
|
|
|
"X-Forwarded-For": "127.1.2.3",
|
|
|
|
"X-Forwarded-Proto": "https",
|
|
|
|
"X-Forwarded-Port": "6789",
|
|
|
|
},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
|
|
|
assert app.url_for("view_name") == "/another_view"
|
|
|
|
assert (
|
|
|
|
app.url_for("view_name", _external=True)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
== "http://my-server/another_view"
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
|
|
|
assert (
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request.url_for("view_name") == "https://my-server:6789/another_view"
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
2019-10-23 17:12:20 +01:00
|
|
|
"/",
|
|
|
|
headers={
|
|
|
|
"X-Forwarded-For": "127.1.2.3",
|
|
|
|
"X-Forwarded-Proto": "https",
|
|
|
|
"X-Forwarded-Port": "443",
|
|
|
|
},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.url_for("view_name") == "https://my-server/another_view"
|
2019-07-08 08:33:33 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_form_invalid_content_type_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post("/", json={"test": "OK"})
|
|
|
|
|
|
|
|
assert request.form == {}
|
|
|
|
|
2019-07-08 08:33:33 +01:00
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
def test_endpoint_basic():
|
2020-03-26 04:42:46 +00:00
|
|
|
app = Sanic(name=__name__)
|
2018-12-31 11:40:07 +00:00
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
def my_unique_handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
|
|
|
|
assert request.endpoint == "test_requests.my_unique_handler"
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_endpoint_basic_asgi():
|
2020-03-26 04:42:46 +00:00
|
|
|
app = Sanic(name=__name__)
|
2019-06-04 08:58:00 +01:00
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
def my_unique_handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert request.endpoint == "test_requests.my_unique_handler"
|
|
|
|
|
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
def test_endpoint_named_app():
|
|
|
|
app = Sanic("named")
|
|
|
|
|
|
|
|
@app.route("/")
|
2017-10-17 06:40:21 +01:00
|
|
|
def my_unique_handler(request):
|
2018-12-31 11:40:07 +00:00
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
|
|
|
|
assert request.endpoint == "named.my_unique_handler"
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_endpoint_named_app_asgi():
|
|
|
|
app = Sanic("named")
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
def my_unique_handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert request.endpoint == "named.my_unique_handler"
|
|
|
|
|
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
def test_endpoint_blueprint():
|
|
|
|
bp = Blueprint("my_blueprint", url_prefix="/bp")
|
|
|
|
|
|
|
|
@bp.route("/")
|
|
|
|
async def bp_root(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
app = Sanic("named")
|
|
|
|
app.blueprint(bp)
|
2017-10-17 06:40:21 +01:00
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
request, response = app.test_client.get("/bp")
|
2017-10-17 06:40:21 +01:00
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
assert request.endpoint == "named.my_blueprint.bp_root"
|
2019-06-04 08:58:00 +01:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_endpoint_blueprint_asgi():
|
|
|
|
bp = Blueprint("my_blueprint", url_prefix="/bp")
|
|
|
|
|
|
|
|
@bp.route("/")
|
|
|
|
async def bp_root(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
app = Sanic("named")
|
|
|
|
app.blueprint(bp)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/bp")
|
|
|
|
|
|
|
|
assert request.endpoint == "named.my_blueprint.bp_root"
|
2019-11-01 17:32:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_url_for_without_server_name(app):
|
|
|
|
@app.route("/sample")
|
|
|
|
def sample(request):
|
|
|
|
return json({"url": request.url_for("url_for")})
|
|
|
|
|
|
|
|
@app.route("/url-for")
|
|
|
|
def url_for(request):
|
|
|
|
return text("url-for")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/sample")
|
|
|
|
assert (
|
|
|
|
response.json["url"]
|
2020-03-26 04:42:46 +00:00
|
|
|
== f"http://127.0.0.1:{request.server_port}/url-for"
|
2019-11-01 17:32:49 +00:00
|
|
|
)
|
Streaming Server (#1876)
* Streaming request by async for.
* Make all requests streaming and preload body for non-streaming handlers.
* Cleanup of code and avoid mixing streaming responses.
* Async http protocol loop.
* Change of test: don't require early bad request error but only after CRLF-CRLF.
* Add back streaming requests.
* Rewritten request body parser.
* Misc. cleanup, down to 4 failing tests.
* All tests OK.
* Entirely remove request body queue.
* Let black f*ckup the layout
* Better testing error messages on protocol errors.
* Remove StreamBuffer tests because the type is about to be removed.
* Remove tests using the deprecated get_headers function that can no longer be supported. Chunked mode is now autodetected, so do not put content-length header if chunked mode is preferred.
* Major refactoring of HTTP protocol handling (new module http.py added), all requests made streaming. A few compatibility issues and a lot of cleanup to be done remain, 16 tests failing.
* Terminate check_timeouts once connection_task finishes.
* Code cleanup, 14 tests failing.
* Much cleanup, 12 failing...
* Even more cleanup and error checking, 8 failing tests.
* Remove keep-alive header from responses. First of all, it should say timeout=<value> which wasn't the case with existing implementation, and secondly none of the other web servers I tried include this header.
* Everything but CustomServer OK.
* Linter
* Disable custom protocol test
* Remove unnecessary variables, optimise performance.
* A test was missing that body_init/body_push/body_finish are never called. Rewritten using receive_body and case switching to make it fail if bypassed.
* Minor fixes.
* Remove unused code.
* Py 3.8 check for deprecated loop argument.
* Fix a middleware cancellation handling test with py38.
* Linter 'n fixes
* Typing
* Stricter handling of request header size
* More specific error messages on Payload Too Large.
* Init http.response = None
* Messages further tuned.
* Always try to consume request body, plus minor cleanup.
* Add a missing check in case of close_if_idle on a dead connection.
* Avoid error messages on PayloadTooLarge.
* Add test for new API.
* json takes str, not bytes
* Default to no maximum request size for streaming handlers.
* Fix chunked mode crash.
* Header values should be strictly ASCII but both UTF-8 and Latin-1 exist. Use UTF-8B to
cope with all.
* Refactoring and cleanup.
* Unify response header processing of ASGI and asyncio modes.
* Avoid special handling of StreamingHTTPResponse.
* 35 % speedup in HTTP/1.1 response formatting (not so much overall effect).
* Duplicate set-cookie headers were being produced.
* Cleanup processed_headers some more.
* Linting
* Import ordering
* Response middleware ran by async request.respond().
* Need to check if transport is closing to avoid getting stuck in sending loops after peer has disconnected.
* Middleware and error handling refactoring.
* Linter
* Fix tracking of HTTP stage when writing to transport fails.
* Add clarifying comment
* Add a check for request body functions and a test for NotImplementedError.
* Linter and typing
* These must be tuples + hack mypy warnings away.
* New streaming test and minor fixes.
* Constant receive buffer size.
* 256 KiB send and receive buffers.
* Revert "256 KiB send and receive buffers."
This reverts commit abc1e3edb21a5e6925fa4c856657559608a8d65b.
* app.handle_exception already sends the response.
* Improved handling of errors during request.
* An odd hack to avoid an httpx limitation that causes test failures.
* Limit request header size to 8 KiB at most.
* Remove unnecessary use of format string.
* Cleanup tests
* Remove artifact
* Fix type checking
* Mark test for skipping
* Cleanup some edge cases
* Add ignore_body flag to safe methods
* Add unit tests for timeout logic
* Add unit tests for timeout logic
* Fix Mock usage in timeout test
* Change logging test to only logger in handler
* Windows py3.8 logging issue with current testing client
* Add test_header_size_exceeded
* Resolve merge conflicts
* Add request middleware to hard exception handling
* Add request middleware to hard exception handling
* Request middleware on exception handlers
* Linting
* Cleanup deprecations
Co-authored-by: L. Kärkkäinen <tronic@users.noreply.github.com>
Co-authored-by: Adam Hopkins <admhpkns@gmail.com>
2021-01-10 22:45:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_safe_method_with_body_ignored(app):
|
|
|
|
@app.get("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = {"test": "OK"}
|
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
|
|
|
|
request, response = app.test_client.request(
|
|
|
|
"/", http_method="get", data=json_dumps(payload), headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.body == b""
|
|
|
|
assert request.json == None
|
|
|
|
assert response.text == "OK"
|
|
|
|
|
|
|
|
|
|
|
|
def test_safe_method_with_body(app):
|
|
|
|
@app.get("/", ignore_body=False)
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = {"test": "OK"}
|
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
data = json_dumps(payload)
|
|
|
|
request, response = app.test_client.request(
|
|
|
|
"/", http_method="get", data=data, headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.body == data.encode("utf-8")
|
|
|
|
assert request.json.get("test") == "OK"
|
|
|
|
assert response.text == "OK"
|