2018-12-22 15:21:45 +00:00
|
|
|
import logging
|
2017-03-03 16:44:50 +00:00
|
|
|
import os
|
|
|
|
import ssl
|
2019-04-23 22:44:42 +01:00
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
from json import dumps as json_dumps
|
|
|
|
from json import loads as json_loads
|
|
|
|
from urllib.parse import urlparse
|
2017-01-31 01:04:51 +00:00
|
|
|
|
|
|
|
import pytest
|
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
from sanic import Blueprint, Sanic
|
2017-01-31 01:04:51 +00:00
|
|
|
from sanic.exceptions import ServerError
|
2019-03-14 14:04:05 +00:00
|
|
|
from sanic.request import DEFAULT_HTTP_CONTENT_TYPE, RequestParameters
|
2019-12-15 16:40:25 +00:00
|
|
|
from sanic.response import html, json, text
|
2019-06-04 08:58:00 +01:00
|
|
|
from sanic.testing import ASGI_HOST, HOST, PORT
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
|
2016-10-14 11:23:48 +01:00
|
|
|
# ------------------------------------------------------------ #
|
|
|
|
# GET
|
|
|
|
# ------------------------------------------------------------ #
|
|
|
|
|
2016-10-15 03:53:49 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
def test_sync(app):
|
|
|
|
@app.route("/")
|
2016-10-15 03:53:49 +01:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Hello")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.text == "Hello"
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
|
2019-05-21 23:42:19 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_sync_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert response.text == "Hello"
|
|
|
|
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
def test_ip(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2017-10-24 05:01:44 +01:00
|
|
|
def handler(request):
|
|
|
|
return text("{}".format(request.ip))
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2017-10-24 05:01:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.text == "127.0.0.1"
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
|
2019-05-21 23:42:19 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_ip_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
def handler(request):
|
2019-12-21 03:23:52 +00:00
|
|
|
return text("{}".format(request.url))
|
2019-05-21 23:42:19 +01:00
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
2019-12-21 03:23:52 +00:00
|
|
|
assert response.text == "http://mockserver/"
|
2019-05-21 23:42:19 +01:00
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_text(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-10-15 03:53:49 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Hello")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.text == "Hello"
|
2016-10-14 11:23:48 +01:00
|
|
|
|
|
|
|
|
2019-12-15 16:40:25 +00:00
|
|
|
def test_html(app):
|
|
|
|
class Foo:
|
|
|
|
def __html__(self):
|
|
|
|
return "<h1>Foo</h1>"
|
|
|
|
|
|
|
|
def _repr_html_(self):
|
|
|
|
return "<h1>Foo object repr</h1>"
|
|
|
|
|
|
|
|
class Bar:
|
|
|
|
def _repr_html_(self):
|
|
|
|
return "<h1>Bar object repr</h1>"
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return html("<h1>Hello</h1>")
|
|
|
|
|
|
|
|
@app.route("/foo")
|
|
|
|
async def handler(request):
|
|
|
|
return html(Foo())
|
|
|
|
|
|
|
|
@app.route("/bar")
|
|
|
|
async def handler(request):
|
|
|
|
return html(Bar())
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
assert response.content_type == "text/html; charset=utf-8"
|
|
|
|
assert response.text == "<h1>Hello</h1>"
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/foo")
|
|
|
|
assert response.text == "<h1>Foo</h1>"
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/bar")
|
|
|
|
assert response.text == "<h1>Bar object repr</h1>"
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_text_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert response.text == "Hello"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_headers(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-12-14 05:24:26 +00:00
|
|
|
async def handler(request):
|
|
|
|
headers = {"spam": "great"}
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Hello", headers=headers)
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.headers.get("spam") == "great"
|
2016-12-14 05:24:26 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_headers_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
headers = {"spam": "great"}
|
|
|
|
return text("Hello", headers=headers)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert response.headers.get("spam") == "great"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_non_str_headers(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-12-14 05:24:26 +00:00
|
|
|
async def handler(request):
|
|
|
|
headers = {"answer": 42}
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Hello", headers=headers)
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.headers.get("answer") == "42"
|
Fix sanic_endpoint_test working with redirects
Before fix, it raises error like:
```
tests/test_utils.py F
================================= FAILURES =================================
______________________________ test_redirect _______________________________
app = <sanic.sanic.Sanic object at 0x1045fda20>, method = 'get', uri = '/1', gather_request = True, debug = False
server_kwargs = {}, request_args = (), request_kwargs = {}
_collect_request = <function sanic_endpoint_test.<locals>._collect_request at 0x1045ec950>
_collect_response = <function sanic_endpoint_test.<locals>._collect_response at 0x1045ec7b8>
def sanic_endpoint_test(app, method='get', uri='/', gather_request=True,
debug=False, server_kwargs={},
*request_args, **request_kwargs):
results = []
exceptions = []
if gather_request:
def _collect_request(request):
results.append(request)
app.request_middleware.appendleft(_collect_request)
async def _collect_response(sanic, loop):
try:
response = await local_request(method, uri, *request_args,
**request_kwargs)
results.append(response)
except Exception as e:
exceptions.append(e)
app.stop()
app.run(host=HOST, debug=debug, port=PORT,
after_start=_collect_response, **server_kwargs)
if exceptions:
raise ValueError("Exception during request: {}".format(exceptions))
if gather_request:
try:
> request, response = results
E ValueError: too many values to unpack (expected 2)
sanic/utils.py:47: ValueError
During handling of the above exception, another exception occurred:
utils_app = <sanic.sanic.Sanic object at 0x1045fda20>
def test_redirect(utils_app):
"""Test sanic_endpoint_test is working for redirection"""
> request, response = sanic_endpoint_test(utils_app, uri='/1')
tests/test_utils.py:33:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
app = <sanic.sanic.Sanic object at 0x1045fda20>, method = 'get', uri = '/1', gather_request = True, debug = False
server_kwargs = {}, request_args = (), request_kwargs = {}
_collect_request = <function sanic_endpoint_test.<locals>._collect_request at 0x1045ec950>
_collect_response = <function sanic_endpoint_test.<locals>._collect_response at 0x1045ec7b8>
def sanic_endpoint_test(app, method='get', uri='/', gather_request=True,
debug=False, server_kwargs={},
*request_args, **request_kwargs):
results = []
exceptions = []
if gather_request:
def _collect_request(request):
results.append(request)
app.request_middleware.appendleft(_collect_request)
async def _collect_response(sanic, loop):
try:
response = await local_request(method, uri, *request_args,
**request_kwargs)
results.append(response)
except Exception as e:
exceptions.append(e)
app.stop()
app.run(host=HOST, debug=debug, port=PORT,
after_start=_collect_response, **server_kwargs)
if exceptions:
raise ValueError("Exception during request: {}".format(exceptions))
if gather_request:
try:
request, response = results
return request, response
except:
raise ValueError(
"Request and response object expected, got ({})".format(
> results))
E ValueError: Request and response object expected, got ([{}, {}, {}, <ClientResponse(http://127.0.0.1:42101/3) [200 OK]>
E <CIMultiDictProxy('Content-Type': 'text/plain; charset=utf-8', 'Content-Length': '2', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=1')>
E ])
sanic/utils.py:52: ValueError
```
2017-02-02 09:51:33 +00:00
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_non_str_headers_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
headers = {"answer": 42}
|
|
|
|
return text("Hello", headers=headers)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert response.headers.get("answer") == "42"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_invalid_response(app):
|
2016-12-13 20:20:16 +00:00
|
|
|
@app.exception(ServerError)
|
|
|
|
def handler_exception(request, exception):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("Internal Server Error.", 500)
|
2016-12-14 05:24:26 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-12-13 20:20:16 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return "This should fail"
|
2016-12-13 20:20:16 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-12-13 20:20:16 +00:00
|
|
|
assert response.status == 500
|
|
|
|
assert response.text == "Internal Server Error."
|
Fix sanic_endpoint_test working with redirects
Before fix, it raises error like:
```
tests/test_utils.py F
================================= FAILURES =================================
______________________________ test_redirect _______________________________
app = <sanic.sanic.Sanic object at 0x1045fda20>, method = 'get', uri = '/1', gather_request = True, debug = False
server_kwargs = {}, request_args = (), request_kwargs = {}
_collect_request = <function sanic_endpoint_test.<locals>._collect_request at 0x1045ec950>
_collect_response = <function sanic_endpoint_test.<locals>._collect_response at 0x1045ec7b8>
def sanic_endpoint_test(app, method='get', uri='/', gather_request=True,
debug=False, server_kwargs={},
*request_args, **request_kwargs):
results = []
exceptions = []
if gather_request:
def _collect_request(request):
results.append(request)
app.request_middleware.appendleft(_collect_request)
async def _collect_response(sanic, loop):
try:
response = await local_request(method, uri, *request_args,
**request_kwargs)
results.append(response)
except Exception as e:
exceptions.append(e)
app.stop()
app.run(host=HOST, debug=debug, port=PORT,
after_start=_collect_response, **server_kwargs)
if exceptions:
raise ValueError("Exception during request: {}".format(exceptions))
if gather_request:
try:
> request, response = results
E ValueError: too many values to unpack (expected 2)
sanic/utils.py:47: ValueError
During handling of the above exception, another exception occurred:
utils_app = <sanic.sanic.Sanic object at 0x1045fda20>
def test_redirect(utils_app):
"""Test sanic_endpoint_test is working for redirection"""
> request, response = sanic_endpoint_test(utils_app, uri='/1')
tests/test_utils.py:33:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
app = <sanic.sanic.Sanic object at 0x1045fda20>, method = 'get', uri = '/1', gather_request = True, debug = False
server_kwargs = {}, request_args = (), request_kwargs = {}
_collect_request = <function sanic_endpoint_test.<locals>._collect_request at 0x1045ec950>
_collect_response = <function sanic_endpoint_test.<locals>._collect_response at 0x1045ec7b8>
def sanic_endpoint_test(app, method='get', uri='/', gather_request=True,
debug=False, server_kwargs={},
*request_args, **request_kwargs):
results = []
exceptions = []
if gather_request:
def _collect_request(request):
results.append(request)
app.request_middleware.appendleft(_collect_request)
async def _collect_response(sanic, loop):
try:
response = await local_request(method, uri, *request_args,
**request_kwargs)
results.append(response)
except Exception as e:
exceptions.append(e)
app.stop()
app.run(host=HOST, debug=debug, port=PORT,
after_start=_collect_response, **server_kwargs)
if exceptions:
raise ValueError("Exception during request: {}".format(exceptions))
if gather_request:
try:
request, response = results
return request, response
except:
raise ValueError(
"Request and response object expected, got ({})".format(
> results))
E ValueError: Request and response object expected, got ([{}, {}, {}, <ClientResponse(http://127.0.0.1:42101/3) [200 OK]>
E <CIMultiDictProxy('Content-Type': 'text/plain; charset=utf-8', 'Content-Length': '2', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=1')>
E ])
sanic/utils.py:52: ValueError
```
2017-02-02 09:51:33 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_invalid_response_asgi(app):
|
|
|
|
@app.exception(ServerError)
|
|
|
|
def handler_exception(request, exception):
|
|
|
|
return text("Internal Server Error.", 500)
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return "This should fail"
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert response.status == 500
|
|
|
|
assert response.text == "Internal Server Error."
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_json(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-10-15 03:53:49 +01:00
|
|
|
async def handler(request):
|
|
|
|
return json({"test": True})
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2017-03-06 08:33:34 +00:00
|
|
|
results = json_loads(response.text)
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert results.get("test") is True
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-02-01 16:51:51 +00:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_json_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return json({"test": True})
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
results = json_loads(response.text)
|
|
|
|
|
|
|
|
assert results.get("test") is True
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_empty_json(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2017-03-06 08:33:34 +00:00
|
|
|
async def handler(request):
|
2018-02-01 10:52:55 +00:00
|
|
|
assert request.json is None
|
2017-03-06 08:33:34 +00:00
|
|
|
return json(request.json)
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2017-03-06 08:33:34 +00:00
|
|
|
assert response.status == 200
|
2018-12-30 11:18:06 +00:00
|
|
|
assert response.text == "null"
|
2018-02-01 10:52:55 +00:00
|
|
|
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_empty_json_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
assert request.json is None
|
|
|
|
return json(request.json)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert response.status == 200
|
|
|
|
assert response.text == "null"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_invalid_json(app):
|
2019-12-21 03:23:52 +00:00
|
|
|
@app.post("/")
|
2016-12-08 04:33:56 +00:00
|
|
|
async def handler(request):
|
2017-03-06 08:33:34 +00:00
|
|
|
return json(request.json)
|
2016-12-08 04:33:56 +00:00
|
|
|
|
|
|
|
data = "I am not json"
|
2019-12-21 03:23:52 +00:00
|
|
|
request, response = app.test_client.post("/", data=data)
|
2016-12-08 04:33:56 +00:00
|
|
|
|
|
|
|
assert response.status == 400
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_invalid_json_asgi(app):
|
2019-12-21 03:23:52 +00:00
|
|
|
@app.post("/")
|
2019-06-04 08:58:00 +01:00
|
|
|
async def handler(request):
|
|
|
|
return json(request.json)
|
|
|
|
|
|
|
|
data = "I am not json"
|
2019-12-21 03:23:52 +00:00
|
|
|
request, response = await app.asgi_client.post("/", data=data)
|
2019-06-04 08:58:00 +01:00
|
|
|
|
|
|
|
assert response.status == 400
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_query_string(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-10-15 03:53:49 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2017-02-14 19:51:20 +00:00
|
|
|
request, response = app.test_client.get(
|
2018-12-30 11:18:06 +00:00
|
|
|
"/", params=[("test1", "1"), ("test2", "false"), ("test2", "true")]
|
|
|
|
)
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.args.get("test1") == "1"
|
|
|
|
assert request.args.get("test2") == "false"
|
2019-03-14 14:04:05 +00:00
|
|
|
assert request.args.getlist("test2") == ["false", "true"]
|
|
|
|
assert request.args.getlist("test1") == ["1"]
|
|
|
|
assert request.args.get("test3", default="My value") == "My value"
|
2016-10-14 11:23:48 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_query_string_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get(
|
|
|
|
"/", params=[("test1", "1"), ("test2", "false"), ("test2", "true")]
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.args.get("test1") == "1"
|
|
|
|
assert request.args.get("test2") == "false"
|
|
|
|
assert request.args.getlist("test2") == ["false", "true"]
|
|
|
|
assert request.args.getlist("test1") == ["1"]
|
|
|
|
assert request.args.get("test3", default="My value") == "My value"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_uri_template(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/foo/<id:int>/bar/<name:[A-z]+>")
|
2019-02-28 14:56:41 +00:00
|
|
|
async def handler(request, id, name):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2017-04-30 11:01:17 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/foo/123/bar/baz")
|
|
|
|
assert request.uri_template == "/foo/<id:int>/bar/<name:[A-z]+>"
|
2017-04-30 11:01:17 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_uri_template_asgi(app):
|
|
|
|
@app.route("/foo/<id:int>/bar/<name:[A-z]+>")
|
|
|
|
async def handler(request, id, name):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/foo/123/bar/baz")
|
|
|
|
assert request.uri_template == "/foo/<id:int>/bar/<name:[A-z]+>"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_token(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2016-12-26 11:48:53 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-12-26 11:48:53 +00:00
|
|
|
|
|
|
|
# uuid4 generated token.
|
2018-12-30 11:18:06 +00:00
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
2017-04-22 06:36:02 +01:00
|
|
|
headers = {
|
2018-12-30 11:18:06 +00:00
|
|
|
"content-type": "application/json",
|
|
|
|
"Authorization": "{}".format(token),
|
2017-04-22 06:36:02 +01:00
|
|
|
}
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2017-04-22 06:36:02 +01:00
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
2016-12-26 11:48:53 +00:00
|
|
|
headers = {
|
2018-12-30 11:18:06 +00:00
|
|
|
"content-type": "application/json",
|
|
|
|
"Authorization": "Token {}".format(token),
|
2016-12-26 11:48:53 +00:00
|
|
|
}
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2016-12-26 11:48:53 +00:00
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
2017-06-22 17:11:23 +01:00
|
|
|
headers = {
|
2018-12-30 11:18:06 +00:00
|
|
|
"content-type": "application/json",
|
|
|
|
"Authorization": "Bearer {}".format(token),
|
2017-06-22 17:11:23 +01:00
|
|
|
}
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2017-06-22 17:11:23 +01:00
|
|
|
|
2017-04-22 06:36:02 +01:00
|
|
|
assert request.token == token
|
|
|
|
|
2017-05-17 10:15:45 +01:00
|
|
|
# no Authorization headers
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "application/json"}
|
2017-05-17 10:15:45 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2017-05-17 10:15:45 +01:00
|
|
|
|
|
|
|
assert request.token is None
|
2017-04-22 06:36:02 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_token_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
# uuid4 generated token.
|
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
|
|
|
headers = {
|
|
|
|
"content-type": "application/json",
|
|
|
|
"Authorization": "{}".format(token),
|
|
|
|
}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
|
|
|
headers = {
|
|
|
|
"content-type": "application/json",
|
|
|
|
"Authorization": "Token {}".format(token),
|
|
|
|
}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
|
|
|
token = "a1d895e0-553a-421a-8e22-5ff8ecb48cbf"
|
|
|
|
headers = {
|
|
|
|
"content-type": "application/json",
|
|
|
|
"Authorization": "Bearer {}".format(token),
|
|
|
|
}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
|
|
|
|
assert request.token == token
|
|
|
|
|
|
|
|
# no Authorization headers
|
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
|
|
|
|
assert request.token is None
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_content_type(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2017-06-08 04:48:07 +01:00
|
|
|
async def handler(request):
|
2017-06-09 01:25:22 +01:00
|
|
|
return text(request.content_type)
|
2017-06-08 04:48:07 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2017-06-08 04:48:07 +01:00
|
|
|
assert request.content_type == DEFAULT_HTTP_CONTENT_TYPE
|
2017-06-09 01:25:22 +01:00
|
|
|
assert response.text == DEFAULT_HTTP_CONTENT_TYPE
|
2017-06-08 04:48:07 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.content_type == "application/json"
|
|
|
|
assert response.text == "application/json"
|
2017-06-08 04:48:07 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_content_type_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.content_type)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert request.content_type == DEFAULT_HTTP_CONTENT_TYPE
|
|
|
|
assert response.text == DEFAULT_HTTP_CONTENT_TYPE
|
|
|
|
|
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.content_type == "application/json"
|
|
|
|
assert response.text == "application/json"
|
|
|
|
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
def test_standard_forwarded(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return json(request.forwarded)
|
|
|
|
|
|
|
|
# Without configured FORWARDED_SECRET, x-headers should be respected
|
|
|
|
app.config.PROXIES_COUNT = 1
|
|
|
|
app.config.REAL_IP_HEADER = "x-real-ip"
|
|
|
|
headers = {
|
|
|
|
"Forwarded": (
|
|
|
|
'for=1.1.1.1, for=injected;host="'
|
|
|
|
', for="[::2]";proto=https;host=me.tld;path="/app/";secret=mySecret'
|
2019-10-23 17:12:20 +01:00
|
|
|
",for=broken;;secret=b0rked"
|
|
|
|
", for=127.0.0.3;scheme=http;port=1234"
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
),
|
|
|
|
"X-Real-IP": "127.0.0.2",
|
|
|
|
"X-Forwarded-For": "127.0.1.1",
|
|
|
|
"X-Scheme": "ws",
|
|
|
|
}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2019-10-23 17:12:20 +01:00
|
|
|
assert response.json == {"for": "127.0.0.2", "proto": "ws"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert request.scheme == "ws"
|
|
|
|
assert request.server_port == 80
|
|
|
|
|
|
|
|
app.config.FORWARDED_SECRET = "mySecret"
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {
|
|
|
|
"for": "[::2]",
|
|
|
|
"proto": "https",
|
|
|
|
"host": "me.tld",
|
|
|
|
"path": "/app/",
|
2019-10-23 17:12:20 +01:00
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
assert request.remote_addr == "[::2]"
|
|
|
|
assert request.server_name == "me.tld"
|
|
|
|
assert request.scheme == "https"
|
|
|
|
assert request.server_port == 443
|
|
|
|
|
|
|
|
# Empty Forwarded header -> use X-headers
|
|
|
|
headers["Forwarded"] = ""
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
2019-10-23 17:12:20 +01:00
|
|
|
assert response.json == {"for": "127.0.0.2", "proto": "ws"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
|
|
|
|
# Header present but not matching anything
|
|
|
|
request, response = app.test_client.get("/", headers={"Forwarded": "."})
|
|
|
|
assert response.json == {}
|
|
|
|
|
|
|
|
# Forwarded header present but no matching secret -> use X-headers
|
|
|
|
headers = {
|
2019-10-23 17:12:20 +01:00
|
|
|
"Forwarded": "for=1.1.1.1;secret=x, for=127.0.0.1",
|
|
|
|
"X-Real-IP": "127.0.0.2",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"for": "127.0.0.2"}
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
|
|
|
|
# Different formatting and hitting both ends of the header
|
|
|
|
headers = {"Forwarded": 'Secret="mySecret";For=127.0.0.4;Port=1234'}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {
|
|
|
|
"for": "127.0.0.4",
|
|
|
|
"port": 1234,
|
2019-10-23 17:12:20 +01:00
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Test escapes (modify this if you see anyone implementing quoted-pairs)
|
|
|
|
headers = {"Forwarded": 'for=test;quoted="\\,x=x;y=\\";secret=mySecret'}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {
|
|
|
|
"for": "test",
|
2019-10-23 17:12:20 +01:00
|
|
|
"quoted": "\\,x=x;y=\\",
|
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Secret insulated by malformed field #1
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=test;secret=mySecret;b0rked;proto=wss;"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"for": "test", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Secret insulated by malformed field #2
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=test;b0rked;secret=mySecret;proto=wss"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"proto": "wss", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Unexpected termination should not lose existing acceptable values
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "b0rked;secret=mySecret;proto=wss"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"proto": "wss", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Field normalization
|
|
|
|
headers = {
|
|
|
|
"Forwarded": 'PROTO=WSS;BY="CAFE::8000";FOR=unknown;PORT=X;HOST="A:2";'
|
2019-10-23 17:12:20 +01:00
|
|
|
'PATH="/With%20Spaces%22Quoted%22/sanicApp?key=val";SECRET=mySecret'
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {
|
|
|
|
"proto": "wss",
|
|
|
|
"by": "[cafe::8000]",
|
|
|
|
"host": "a:2",
|
|
|
|
"path": '/With Spaces"Quoted"/sanicApp?key=val',
|
|
|
|
"secret": "mySecret",
|
|
|
|
}
|
|
|
|
|
|
|
|
# Using "by" field as secret
|
|
|
|
app.config.FORWARDED_SECRET = "_proxySecret"
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=1.2.3.4; by=_proxySecret"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert response.json == {"for": "1.2.3.4", "by": "_proxySecret"}
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_standard_forwarded_asgi(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return json(request.forwarded)
|
|
|
|
|
|
|
|
# Without configured FORWARDED_SECRET, x-headers should be respected
|
|
|
|
app.config.PROXIES_COUNT = 1
|
|
|
|
app.config.REAL_IP_HEADER = "x-real-ip"
|
|
|
|
headers = {
|
|
|
|
"Forwarded": (
|
|
|
|
'for=1.1.1.1, for=injected;host="'
|
|
|
|
', for="[::2]";proto=https;host=me.tld;path="/app/";secret=mySecret'
|
2019-10-23 17:12:20 +01:00
|
|
|
",for=broken;;secret=b0rked"
|
|
|
|
", for=127.0.0.3;scheme=http;port=1234"
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
),
|
|
|
|
"X-Real-IP": "127.0.0.2",
|
|
|
|
"X-Forwarded-For": "127.0.1.1",
|
|
|
|
"X-Scheme": "ws",
|
|
|
|
}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
2019-10-23 17:12:20 +01:00
|
|
|
assert response.json() == {"for": "127.0.0.2", "proto": "ws"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert request.scheme == "ws"
|
|
|
|
assert request.server_port == 80
|
|
|
|
|
|
|
|
app.config.FORWARDED_SECRET = "mySecret"
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {
|
|
|
|
"for": "[::2]",
|
|
|
|
"proto": "https",
|
|
|
|
"host": "me.tld",
|
|
|
|
"path": "/app/",
|
2019-10-23 17:12:20 +01:00
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
assert request.remote_addr == "[::2]"
|
|
|
|
assert request.server_name == "me.tld"
|
|
|
|
assert request.scheme == "https"
|
|
|
|
assert request.server_port == 443
|
|
|
|
|
|
|
|
# Empty Forwarded header -> use X-headers
|
|
|
|
headers["Forwarded"] = ""
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
2019-10-23 17:12:20 +01:00
|
|
|
assert response.json() == {"for": "127.0.0.2", "proto": "ws"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
|
|
|
|
# Header present but not matching anything
|
2019-10-23 17:12:20 +01:00
|
|
|
request, response = await app.asgi_client.get(
|
|
|
|
"/", headers={"Forwarded": "."}
|
|
|
|
)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert response.json() == {}
|
|
|
|
|
|
|
|
# Forwarded header present but no matching secret -> use X-headers
|
|
|
|
headers = {
|
2019-10-23 17:12:20 +01:00
|
|
|
"Forwarded": "for=1.1.1.1;secret=x, for=127.0.0.1",
|
|
|
|
"X-Real-IP": "127.0.0.2",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"for": "127.0.0.2"}
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
|
|
|
|
# Different formatting and hitting both ends of the header
|
|
|
|
headers = {"Forwarded": 'Secret="mySecret";For=127.0.0.4;Port=1234'}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {
|
|
|
|
"for": "127.0.0.4",
|
|
|
|
"port": 1234,
|
2019-10-23 17:12:20 +01:00
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Test escapes (modify this if you see anyone implementing quoted-pairs)
|
|
|
|
headers = {"Forwarded": 'for=test;quoted="\\,x=x;y=\\";secret=mySecret'}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {
|
|
|
|
"for": "test",
|
2019-10-23 17:12:20 +01:00
|
|
|
"quoted": "\\,x=x;y=\\",
|
|
|
|
"secret": "mySecret",
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Secret insulated by malformed field #1
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=test;secret=mySecret;b0rked;proto=wss;"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"for": "test", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Secret insulated by malformed field #2
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=test;b0rked;secret=mySecret;proto=wss"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"proto": "wss", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Unexpected termination should not lose existing acceptable values
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "b0rked;secret=mySecret;proto=wss"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"proto": "wss", "secret": "mySecret"}
|
|
|
|
|
|
|
|
# Field normalization
|
|
|
|
headers = {
|
|
|
|
"Forwarded": 'PROTO=WSS;BY="CAFE::8000";FOR=unknown;PORT=X;HOST="A:2";'
|
2019-10-23 17:12:20 +01:00
|
|
|
'PATH="/With%20Spaces%22Quoted%22/sanicApp?key=val";SECRET=mySecret'
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {
|
|
|
|
"proto": "wss",
|
|
|
|
"by": "[cafe::8000]",
|
|
|
|
"host": "a:2",
|
|
|
|
"path": '/With Spaces"Quoted"/sanicApp?key=val',
|
|
|
|
"secret": "mySecret",
|
|
|
|
}
|
|
|
|
|
|
|
|
# Using "by" field as secret
|
|
|
|
app.config.FORWARDED_SECRET = "_proxySecret"
|
2019-10-23 17:12:20 +01:00
|
|
|
headers = {"Forwarded": "for=1.2.3.4; by=_proxySecret"}
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert response.json() == {"for": "1.2.3.4", "by": "_proxySecret"}
|
|
|
|
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
def test_remote_addr_with_two_proxies(app):
|
|
|
|
app.config.PROXIES_COUNT = 2
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.REAL_IP_HEADER = "x-real-ip"
|
2019-04-16 14:30:28 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/")
|
2017-07-14 17:29:16 +01:00
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert response.text == "127.0.0.2"
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, 127.0.1.2"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, , ,,127.0.1.2"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
headers = {
|
|
|
|
"X-Forwarded-For": ", 127.0.2.2, , ,127.0.0.1, , ,,127.0.1.2"
|
|
|
|
}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_remote_addr_with_two_proxies_asgi(app):
|
|
|
|
app.config.PROXIES_COUNT = 2
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.REAL_IP_HEADER = "x-real-ip"
|
2019-06-04 08:58:00 +01:00
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert response.text == "127.0.0.2"
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, 127.0.1.2"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, , ,,127.0.1.2"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
|
|
|
|
|
|
|
headers = {
|
|
|
|
"X-Forwarded-For": ", 127.0.2.2, , ,127.0.0.1, , ,,127.0.1.2"
|
|
|
|
}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.1"
|
|
|
|
assert response.text == "127.0.0.1"
|
|
|
|
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
def test_remote_addr_without_proxy(app):
|
|
|
|
app.config.PROXIES_COUNT = 0
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, 127.0.1.2"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_remote_addr_without_proxy_asgi(app):
|
|
|
|
app.config.PROXIES_COUNT = 0
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.0.1, 127.0.1.2"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
|
2019-04-16 14:30:28 +01:00
|
|
|
def test_remote_addr_custom_headers(app):
|
|
|
|
app.config.PROXIES_COUNT = 1
|
|
|
|
app.config.REAL_IP_HEADER = "Client-IP"
|
|
|
|
app.config.FORWARDED_FOR_HEADER = "Forwarded"
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "Forwarded": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.1.1"
|
|
|
|
assert response.text == "127.0.1.1"
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"Client-IP": "127.0.0.2", "Forwarded": "127.0.1.1"}
|
|
|
|
request, response = app.test_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert response.text == "127.0.0.2"
|
|
|
|
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_remote_addr_custom_headers_asgi(app):
|
|
|
|
app.config.PROXIES_COUNT = 1
|
|
|
|
app.config.REAL_IP_HEADER = "Client-IP"
|
|
|
|
app.config.FORWARDED_FOR_HEADER = "Forwarded"
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
|
|
|
headers = {"X-Real-IP": "127.0.0.2", "Forwarded": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.1.1"
|
|
|
|
assert response.text == "127.0.1.1"
|
|
|
|
|
|
|
|
headers = {"X-Forwarded-For": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == ""
|
|
|
|
assert response.text == ""
|
|
|
|
|
|
|
|
headers = {"Client-IP": "127.0.0.2", "Forwarded": "127.0.1.1"}
|
|
|
|
request, response = await app.asgi_client.get("/", headers=headers)
|
|
|
|
assert request.remote_addr == "127.0.0.2"
|
|
|
|
assert response.text == "127.0.0.2"
|
|
|
|
|
|
|
|
|
2019-07-04 13:13:43 +01:00
|
|
|
def test_forwarded_scheme(app):
|
|
|
|
@app.route("/")
|
|
|
|
async def handler(request):
|
|
|
|
return text(request.remote_addr)
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.PROXIES_COUNT = 1
|
2019-07-04 13:13:43 +01:00
|
|
|
request, response = app.test_client.get("/")
|
2019-07-08 08:33:33 +01:00
|
|
|
assert request.scheme == "http"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
2019-10-23 17:12:20 +01:00
|
|
|
"/",
|
|
|
|
headers={"X-Forwarded-For": "127.1.2.3", "X-Forwarded-Proto": "https"},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
|
|
|
assert request.scheme == "https"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
2019-10-23 17:12:20 +01:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"X-Forwarded-For": "127.1.2.3", "X-Scheme": "https"}
|
|
|
|
)
|
2019-07-08 08:33:33 +01:00
|
|
|
assert request.scheme == "https"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_match_info(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/api/v1/user/<user_id>/")
|
2017-06-17 17:47:58 +01:00
|
|
|
async def handler(request, user_id):
|
|
|
|
return json(request.match_info)
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/api/v1/user/sanic_user/")
|
2017-06-17 17:47:58 +01:00
|
|
|
|
|
|
|
assert request.match_info == {"user_id": "sanic_user"}
|
|
|
|
assert json_loads(response.text) == {"user_id": "sanic_user"}
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_match_info_asgi(app):
|
|
|
|
@app.route("/api/v1/user/<user_id>/")
|
|
|
|
async def handler(request, user_id):
|
|
|
|
return json(request.match_info)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/api/v1/user/sanic_user/")
|
|
|
|
|
|
|
|
assert request.match_info == {"user_id": "sanic_user"}
|
|
|
|
assert json_loads(response.text) == {"user_id": "sanic_user"}
|
|
|
|
|
|
|
|
|
2016-10-14 11:23:48 +01:00
|
|
|
# ------------------------------------------------------------ #
|
|
|
|
# POST
|
|
|
|
# ------------------------------------------------------------ #
|
|
|
|
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
def test_post_json(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
2016-10-15 03:53:49 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = {"test": "OK"}
|
|
|
|
headers = {"content-type": "application/json"}
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2017-02-23 02:36:08 +00:00
|
|
|
request, response = app.test_client.post(
|
2018-12-30 11:18:06 +00:00
|
|
|
"/", data=json_dumps(payload), headers=headers
|
|
|
|
)
|
2016-10-14 11:23:48 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.json.get("test") == "OK"
|
|
|
|
assert request.json.get("test") == "OK" # for request.parsed_json
|
|
|
|
assert response.text == "OK"
|
2016-10-19 08:23:44 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_post_json_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = {"test": "OK"}
|
|
|
|
headers = {"content-type": "application/json"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=json_dumps(payload), headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.json.get("test") == "OK"
|
|
|
|
assert request.json.get("test") == "OK" # for request.parsed_json
|
|
|
|
assert response.text == "OK"
|
|
|
|
|
|
|
|
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_post_form_urlencoded(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
2016-10-19 08:23:44 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = "test=OK"
|
|
|
|
headers = {"content-type": "application/x-www-form-urlencoded"}
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.form.get("test") == "OK"
|
|
|
|
assert request.form.get("test") == "OK" # For request.parsed_form
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2017-07-14 17:29:16 +01:00
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_post_form_urlencoded_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = "test=OK"
|
|
|
|
headers = {"content-type": "application/x-www-form-urlencoded"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.form.get("test") == "OK"
|
|
|
|
assert request.form.get("test") == "OK" # For request.parsed_form
|
|
|
|
|
|
|
|
|
2017-07-10 20:29:47 +01:00
|
|
|
@pytest.mark.parametrize(
|
2018-12-30 11:18:06 +00:00
|
|
|
"payload",
|
|
|
|
[
|
|
|
|
"------sanic\r\n"
|
2018-10-22 21:25:38 +01:00
|
|
|
'Content-Disposition: form-data; name="test"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"------sanic\r\n"
|
2018-10-22 21:25:38 +01:00
|
|
|
'content-disposition: form-data; name="test"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
],
|
|
|
|
)
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_post_form_multipart_form_data(app, payload):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
2016-10-19 08:23:44 +01:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "multipart/form-data; boundary=----sanic"}
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2017-02-23 02:36:08 +00:00
|
|
|
request, response = app.test_client.post(data=payload, headers=headers)
|
2016-10-19 08:23:44 +01:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.form.get("test") == "OK"
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.parametrize(
|
|
|
|
"payload",
|
|
|
|
[
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
],
|
|
|
|
)
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_post_form_multipart_form_data_asgi(app, payload):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=----sanic"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.form.get("test") == "OK"
|
|
|
|
|
|
|
|
|
2017-03-03 16:44:50 +00:00
|
|
|
@pytest.mark.parametrize(
|
2018-12-30 11:18:06 +00:00
|
|
|
"path,query,expected_url",
|
|
|
|
[
|
|
|
|
("/foo", "", "http://{}:{}/foo"),
|
|
|
|
("/bar/baz", "", "http://{}:{}/bar/baz"),
|
|
|
|
("/moo/boo", "arg1=val1", "http://{}:{}/moo/boo?arg1=val1"),
|
|
|
|
],
|
|
|
|
)
|
2018-08-26 15:43:14 +01:00
|
|
|
def test_url_attributes_no_ssl(app, path, query, expected_url):
|
2017-03-03 16:44:50 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
app.add_route(handler, path)
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get(path + "?{}".format(query))
|
2018-03-16 04:28:52 +00:00
|
|
|
assert request.url == expected_url.format(HOST, PORT)
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
parsed = urlparse(request.url)
|
|
|
|
|
|
|
|
assert parsed.scheme == request.scheme
|
|
|
|
assert parsed.path == request.path
|
|
|
|
assert parsed.query == request.query_string
|
2017-03-03 18:32:32 +00:00
|
|
|
assert parsed.netloc == request.host
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.parametrize(
|
|
|
|
"path,query,expected_url",
|
|
|
|
[
|
|
|
|
("/foo", "", "http://{}/foo"),
|
|
|
|
("/bar/baz", "", "http://{}/bar/baz"),
|
|
|
|
("/moo/boo", "arg1=val1", "http://{}/moo/boo?arg1=val1"),
|
|
|
|
],
|
|
|
|
)
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_url_attributes_no_ssl_asgi(app, path, query, expected_url):
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
app.add_route(handler, path)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get(path + "?{}".format(query))
|
|
|
|
assert request.url == expected_url.format(ASGI_HOST)
|
|
|
|
|
|
|
|
parsed = urlparse(request.url)
|
|
|
|
|
|
|
|
assert parsed.scheme == request.scheme
|
|
|
|
assert parsed.path == request.path
|
|
|
|
assert parsed.query == request.query_string
|
|
|
|
assert parsed.netloc == request.host
|
|
|
|
|
|
|
|
|
2017-03-03 16:44:50 +00:00
|
|
|
@pytest.mark.parametrize(
|
2018-12-30 11:18:06 +00:00
|
|
|
"path,query,expected_url",
|
|
|
|
[
|
|
|
|
("/foo", "", "https://{}:{}/foo"),
|
|
|
|
("/bar/baz", "", "https://{}:{}/bar/baz"),
|
|
|
|
("/moo/boo", "arg1=val1", "https://{}:{}/moo/boo?arg1=val1"),
|
|
|
|
],
|
|
|
|
)
|
2018-12-13 17:50:50 +00:00
|
|
|
def test_url_attributes_with_ssl_context(app, path, query, expected_url):
|
2017-03-03 16:44:50 +00:00
|
|
|
current_dir = os.path.dirname(os.path.realpath(__file__))
|
|
|
|
context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
|
|
|
|
context.load_cert_chain(
|
2018-12-30 11:18:06 +00:00
|
|
|
os.path.join(current_dir, "certs/selfsigned.cert"),
|
|
|
|
keyfile=os.path.join(current_dir, "certs/selfsigned.key"),
|
|
|
|
)
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
app.add_route(handler, path)
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
2018-12-30 11:18:06 +00:00
|
|
|
"https://{}:{}".format(HOST, PORT) + path + "?{}".format(query),
|
|
|
|
server_kwargs={"ssl": context},
|
|
|
|
)
|
2018-03-16 04:28:52 +00:00
|
|
|
assert request.url == expected_url.format(HOST, PORT)
|
2017-03-03 16:44:50 +00:00
|
|
|
|
|
|
|
parsed = urlparse(request.url)
|
|
|
|
|
|
|
|
assert parsed.scheme == request.scheme
|
|
|
|
assert parsed.path == request.path
|
|
|
|
assert parsed.query == request.query_string
|
2017-03-03 18:32:32 +00:00
|
|
|
assert parsed.netloc == request.host
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
|
2018-12-13 17:50:50 +00:00
|
|
|
@pytest.mark.parametrize(
|
2018-12-30 11:18:06 +00:00
|
|
|
"path,query,expected_url",
|
|
|
|
[
|
|
|
|
("/foo", "", "https://{}:{}/foo"),
|
|
|
|
("/bar/baz", "", "https://{}:{}/bar/baz"),
|
|
|
|
("/moo/boo", "arg1=val1", "https://{}:{}/moo/boo?arg1=val1"),
|
|
|
|
],
|
|
|
|
)
|
2018-12-13 17:50:50 +00:00
|
|
|
def test_url_attributes_with_ssl_dict(app, path, query, expected_url):
|
|
|
|
|
|
|
|
current_dir = os.path.dirname(os.path.realpath(__file__))
|
2018-12-30 11:18:06 +00:00
|
|
|
ssl_cert = os.path.join(current_dir, "certs/selfsigned.cert")
|
|
|
|
ssl_key = os.path.join(current_dir, "certs/selfsigned.key")
|
2018-12-13 17:50:50 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
ssl_dict = {"cert": ssl_cert, "key": ssl_key}
|
2018-12-13 17:50:50 +00:00
|
|
|
|
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-13 17:50:50 +00:00
|
|
|
|
|
|
|
app.add_route(handler, path)
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
2018-12-30 11:18:06 +00:00
|
|
|
"https://{}:{}".format(HOST, PORT) + path + "?{}".format(query),
|
|
|
|
server_kwargs={"ssl": ssl_dict},
|
|
|
|
)
|
2018-12-13 17:50:50 +00:00
|
|
|
assert request.url == expected_url.format(HOST, PORT)
|
|
|
|
|
|
|
|
parsed = urlparse(request.url)
|
|
|
|
|
|
|
|
assert parsed.scheme == request.scheme
|
|
|
|
assert parsed.path == request.path
|
|
|
|
assert parsed.query == request.query_string
|
|
|
|
assert parsed.netloc == request.host
|
|
|
|
|
|
|
|
|
|
|
|
def test_invalid_ssl_dict(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/test")
|
2018-12-13 17:50:50 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("ssl test")
|
2018-12-13 17:50:50 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
ssl_dict = {"cert": None, "key": None}
|
2018-12-13 17:50:50 +00:00
|
|
|
|
|
|
|
with pytest.raises(ValueError) as excinfo:
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/test", server_kwargs={"ssl": ssl_dict}
|
|
|
|
)
|
2018-12-13 17:50:50 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert str(excinfo.value) == "SSLContext or certificate and key required."
|
2018-12-13 17:50:50 +00:00
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
def test_form_with_multiple_values(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
2018-11-10 11:20:30 +00:00
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = "selectedItems=v1&selectedItems=v2&selectedItems=v3"
|
2018-11-10 11:20:30 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "application/x-www-form-urlencoded"}
|
2018-11-10 11:20:30 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
assert request.form.getlist("selectedItems") == ["v1", "v2", "v3"]
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_form_with_multiple_values_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = "selectedItems=v1&selectedItems=v2&selectedItems=v3"
|
|
|
|
|
|
|
|
headers = {"content-type": "application/x-www-form-urlencoded"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.form.getlist("selectedItems") == ["v1", "v2", "v3"]
|
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
def test_request_string_representation(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["GET"])
|
2018-11-10 11:20:30 +00:00
|
|
|
async def get(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, _ = app.test_client.get("/")
|
2018-12-30 11:18:06 +00:00
|
|
|
assert repr(request) == "<Request: GET />"
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_string_representation_asgi(app):
|
|
|
|
@app.route("/", methods=["GET"])
|
|
|
|
async def get(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, _ = await app.asgi_client.get("/")
|
|
|
|
assert repr(request) == "<Request: GET />"
|
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
@pytest.mark.parametrize(
|
2019-02-28 14:55:32 +00:00
|
|
|
"payload,filename",
|
2018-12-30 11:18:06 +00:00
|
|
|
[
|
2019-04-23 22:44:42 +01:00
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename="filename"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename="filename"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename=""; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename=""; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename*="utf-8\'\'filename_%C2%A0_test"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename_\u00A0_test",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename*="utf-8\'\'filename_%C2%A0_test"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename_\u00A0_test",
|
|
|
|
),
|
2018-12-30 11:18:06 +00:00
|
|
|
],
|
|
|
|
)
|
2019-02-28 14:55:32 +00:00
|
|
|
def test_request_multipart_files(app, payload, filename):
|
2018-11-10 11:20:30 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "multipart/form-data; boundary=----sanic"}
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
request, _ = app.test_client.post(data=payload, headers=headers)
|
2019-02-28 14:55:32 +00:00
|
|
|
assert request.files.get("test").name == filename
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.parametrize(
|
|
|
|
"payload,filename",
|
|
|
|
[
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename="filename"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename="filename"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename=""; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename=""; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; filename*="utf-8\'\'filename_%C2%A0_test"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
"OK\r\n"
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename_\u00A0_test",
|
|
|
|
),
|
|
|
|
(
|
|
|
|
"------sanic\r\n"
|
|
|
|
'content-disposition: form-data; filename*="utf-8\'\'filename_%C2%A0_test"; name="test"\r\n'
|
|
|
|
"\r\n"
|
|
|
|
'content-type: application/json; {"field": "value"}\r\n'
|
|
|
|
"------sanic--\r\n",
|
|
|
|
"filename_\u00A0_test",
|
|
|
|
),
|
|
|
|
],
|
|
|
|
)
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_multipart_files_asgi(app, payload, filename):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=----sanic"}
|
|
|
|
|
|
|
|
request, _ = await app.asgi_client.post("/", data=payload, headers=headers)
|
|
|
|
assert request.files.get("test").name == filename
|
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
def test_request_multipart_file_with_json_content_type(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
payload = (
|
2018-12-30 11:18:06 +00:00
|
|
|
"------sanic\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'Content-Disposition: form-data; name="file"; filename="test.json"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"Content-Type: application/json\r\n"
|
|
|
|
"Content-Length: 0"
|
|
|
|
"\r\n"
|
|
|
|
"\r\n"
|
|
|
|
"------sanic--"
|
2018-12-22 15:21:45 +00:00
|
|
|
)
|
2018-11-10 11:20:30 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
request, _ = app.test_client.post(data=payload, headers=headers)
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.files.get("file").type == "application/json"
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_multipart_file_with_json_content_type_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
|
|
|
"------sanic\r\n"
|
|
|
|
'Content-Disposition: form-data; name="file"; filename="test.json"\r\n'
|
|
|
|
"Content-Type: application/json\r\n"
|
|
|
|
"Content-Length: 0"
|
|
|
|
"\r\n"
|
|
|
|
"\r\n"
|
|
|
|
"------sanic--"
|
|
|
|
)
|
|
|
|
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
|
|
|
|
|
|
|
request, _ = await app.asgi_client.post("/", data=payload, headers=headers)
|
|
|
|
assert request.files.get("file").type == "application/json"
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_multipart_file_without_field_name(app, caplog):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; filename="test.json"'
|
2018-12-30 11:18:06 +00:00
|
|
|
"\r\nContent-Type: application/json\r\n\r\n\r\n------sanic--"
|
2018-12-22 15:21:45 +00:00
|
|
|
)
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
|
|
|
|
|
|
|
request, _ = app.test_client.post(
|
|
|
|
data=payload, headers=headers, debug=True
|
|
|
|
)
|
|
|
|
with caplog.at_level(logging.DEBUG):
|
|
|
|
request.form
|
|
|
|
|
|
|
|
assert caplog.record_tuples[-1] == (
|
|
|
|
"sanic.root",
|
|
|
|
logging.DEBUG,
|
|
|
|
"Form-data field does not have a 'name' parameter "
|
|
|
|
"in the Content-Disposition header",
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
def test_request_multipart_file_duplicate_filed_name(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b\r\n"
|
|
|
|
'Content-Disposition: form-data; name="file"\r\n'
|
|
|
|
"Content-Type: application/octet-stream\r\n"
|
|
|
|
"Content-Length: 15\r\n"
|
|
|
|
"\r\n"
|
|
|
|
'{"test":"json"}\r\n'
|
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b\r\n"
|
|
|
|
'Content-Disposition: form-data; name="file"\r\n'
|
|
|
|
"Content-Type: application/octet-stream\r\n"
|
|
|
|
"Content-Length: 15\r\n"
|
|
|
|
"\r\n"
|
|
|
|
'{"test":"json2"}\r\n'
|
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b--\r\n"
|
|
|
|
)
|
|
|
|
|
|
|
|
headers = {
|
|
|
|
"Content-Type": "multipart/form-data; boundary=e73ffaa8b1b2472b8ec848de833cb05b"
|
|
|
|
}
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, _ = app.test_client.post(
|
|
|
|
data=payload, headers=headers, debug=True
|
|
|
|
)
|
2019-06-04 08:58:00 +01:00
|
|
|
assert request.form.getlist("file") == [
|
|
|
|
'{"test":"json"}',
|
|
|
|
'{"test":"json2"}',
|
|
|
|
]
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_multipart_file_duplicate_filed_name_asgi(app):
|
2018-12-22 15:21:45 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
2018-12-30 11:18:06 +00:00
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'Content-Disposition: form-data; name="file"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"Content-Type: application/octet-stream\r\n"
|
|
|
|
"Content-Length: 15\r\n"
|
|
|
|
"\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'{"test":"json"}\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'Content-Disposition: form-data; name="file"\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"Content-Type: application/octet-stream\r\n"
|
|
|
|
"Content-Length: 15\r\n"
|
|
|
|
"\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
'{"test":"json2"}\r\n'
|
2018-12-30 11:18:06 +00:00
|
|
|
"--e73ffaa8b1b2472b8ec848de833cb05b--\r\n"
|
2018-12-22 15:21:45 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
headers = {
|
2018-12-30 11:18:06 +00:00
|
|
|
"Content-Type": "multipart/form-data; boundary=e73ffaa8b1b2472b8ec848de833cb05b"
|
2018-12-22 15:21:45 +00:00
|
|
|
}
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
request, _ = await app.asgi_client.post("/", data=payload, headers=headers)
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.form.getlist("file") == [
|
|
|
|
'{"test":"json"}',
|
|
|
|
'{"test":"json2"}',
|
|
|
|
]
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2018-11-10 11:20:30 +00:00
|
|
|
def test_request_multipart_with_multiple_files_and_type(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = (
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; name="file"; filename="test.json"'
|
|
|
|
"\r\nContent-Type: application/json\r\n\r\n\r\n"
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; name="file"; filename="some_file.pdf"\r\n'
|
|
|
|
"Content-Type: application/pdf\r\n\r\n\r\n------sanic--"
|
|
|
|
)
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
2018-11-10 11:20:30 +00:00
|
|
|
|
|
|
|
request, _ = app.test_client.post(data=payload, headers=headers)
|
2018-12-30 11:18:06 +00:00
|
|
|
assert len(request.files.getlist("file")) == 2
|
|
|
|
assert request.files.getlist("file")[0].type == "application/json"
|
|
|
|
assert request.files.getlist("file")[1].type == "application/pdf"
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_multipart_with_multiple_files_and_type_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = (
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; name="file"; filename="test.json"'
|
|
|
|
"\r\nContent-Type: application/json\r\n\r\n\r\n"
|
|
|
|
'------sanic\r\nContent-Disposition: form-data; name="file"; filename="some_file.pdf"\r\n'
|
|
|
|
"Content-Type: application/pdf\r\n\r\n\r\n------sanic--"
|
|
|
|
)
|
|
|
|
headers = {"content-type": "multipart/form-data; boundary=------sanic"}
|
|
|
|
|
|
|
|
request, _ = await app.asgi_client.post("/", data=payload, headers=headers)
|
|
|
|
assert len(request.files.getlist("file")) == 2
|
|
|
|
assert request.files.getlist("file")[0].type == "application/json"
|
|
|
|
assert request.files.getlist("file")[1].type == "application/pdf"
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_repr(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("pass")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
assert repr(request) == "<Request: GET />"
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
request.method = None
|
2019-01-16 16:24:11 +00:00
|
|
|
assert repr(request) == "<Request: None />"
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_repr_asgi(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
assert repr(request) == "<Request: GET />"
|
|
|
|
|
|
|
|
request.method = None
|
|
|
|
assert repr(request) == "<Request: None />"
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_bool(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("pass")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
assert bool(request)
|
|
|
|
|
|
|
|
|
|
|
|
def test_request_parsing_form_failed(app, caplog):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.route("/", methods=["POST"])
|
2018-12-22 15:21:45 +00:00
|
|
|
async def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
payload = "test=OK"
|
|
|
|
headers = {"content-type": "multipart/form-data"}
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
with caplog.at_level(logging.ERROR):
|
|
|
|
request.form
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
assert caplog.record_tuples[-1] == (
|
|
|
|
"sanic.error",
|
|
|
|
logging.ERROR,
|
|
|
|
"Failed when parsing form",
|
|
|
|
)
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_parsing_form_failed_asgi(app, caplog):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
payload = "test=OK"
|
|
|
|
headers = {"content-type": "multipart/form-data"}
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post(
|
|
|
|
"/", data=payload, headers=headers
|
|
|
|
)
|
|
|
|
|
|
|
|
with caplog.at_level(logging.ERROR):
|
|
|
|
request.form
|
|
|
|
|
|
|
|
assert caplog.record_tuples[-1] == (
|
|
|
|
"sanic.error",
|
|
|
|
logging.ERROR,
|
|
|
|
"Failed when parsing form",
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_args_no_query_string(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("pass")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
assert request.args == {}
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_args_no_query_string_await(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert request.args == {}
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_raw_args(app):
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
params = {"test": "OK"}
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("pass")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", params=params)
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
assert request.raw_args == params
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_raw_args_asgi(app):
|
|
|
|
|
|
|
|
params = {"test": "OK"}
|
|
|
|
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", params=params)
|
|
|
|
|
|
|
|
assert request.raw_args == params
|
|
|
|
|
|
|
|
|
2019-03-14 14:04:05 +00:00
|
|
|
def test_request_query_args(app):
|
|
|
|
# test multiple params with the same key
|
2019-04-23 22:44:42 +01:00
|
|
|
params = [("test", "value1"), ("test", "value2")]
|
2019-03-14 14:04:05 +00:00
|
|
|
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/", params=params)
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test cached value
|
2019-04-23 22:44:42 +01:00
|
|
|
assert (
|
|
|
|
request.parsed_not_grouped_args[(False, False, "utf-8", "replace")]
|
|
|
|
== request.query_args
|
|
|
|
)
|
2019-03-14 14:04:05 +00:00
|
|
|
|
|
|
|
# test params directly in the url
|
|
|
|
request, response = app.test_client.get("/?test=value1&test=value2")
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test unique params
|
2019-04-23 22:44:42 +01:00
|
|
|
params = [("test1", "value1"), ("test2", "value2")]
|
2019-03-14 14:04:05 +00:00
|
|
|
|
|
|
|
request, response = app.test_client.get("/", params=params)
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test no params
|
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
|
|
|
|
assert not request.query_args
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_query_args_asgi(app):
|
|
|
|
# test multiple params with the same key
|
|
|
|
params = [("test", "value1"), ("test", "value2")]
|
|
|
|
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", params=params)
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test cached value
|
|
|
|
assert (
|
|
|
|
request.parsed_not_grouped_args[(False, False, "utf-8", "replace")]
|
|
|
|
== request.query_args
|
|
|
|
)
|
|
|
|
|
|
|
|
# test params directly in the url
|
|
|
|
request, response = await app.asgi_client.get("/?test=value1&test=value2")
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test unique params
|
|
|
|
params = [("test1", "value1"), ("test2", "value2")]
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", params=params)
|
|
|
|
|
|
|
|
assert request.query_args == params
|
|
|
|
|
|
|
|
# test no params
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert not request.query_args
|
|
|
|
|
|
|
|
|
2019-03-14 14:04:05 +00:00
|
|
|
def test_request_query_args_custom_parsing(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/?test1=value1&test2=&test3=value3"
|
|
|
|
)
|
2019-03-14 14:04:05 +00:00
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
assert request.get_query_args(keep_blank_values=True) == [
|
|
|
|
("test1", "value1"),
|
|
|
|
("test2", ""),
|
|
|
|
("test3", "value3"),
|
2019-03-14 14:04:05 +00:00
|
|
|
]
|
2019-04-23 22:44:42 +01:00
|
|
|
assert request.query_args == [("test1", "value1"), ("test3", "value3")]
|
|
|
|
assert request.get_query_args(keep_blank_values=False) == [
|
|
|
|
("test1", "value1"),
|
|
|
|
("test3", "value3"),
|
2019-03-14 14:04:05 +00:00
|
|
|
]
|
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
assert request.get_args(keep_blank_values=True) == RequestParameters(
|
2019-03-14 14:04:05 +00:00
|
|
|
{"test1": ["value1"], "test2": [""], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.args == RequestParameters(
|
|
|
|
{"test1": ["value1"], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
2019-04-23 22:44:42 +01:00
|
|
|
assert request.get_args(keep_blank_values=False) == RequestParameters(
|
2019-03-14 14:04:05 +00:00
|
|
|
{"test1": ["value1"], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_query_args_custom_parsing_asgi(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("pass")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get(
|
|
|
|
"/?test1=value1&test2=&test3=value3"
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.get_query_args(keep_blank_values=True) == [
|
|
|
|
("test1", "value1"),
|
|
|
|
("test2", ""),
|
|
|
|
("test3", "value3"),
|
|
|
|
]
|
|
|
|
assert request.query_args == [("test1", "value1"), ("test3", "value3")]
|
|
|
|
assert request.get_query_args(keep_blank_values=False) == [
|
|
|
|
("test1", "value1"),
|
|
|
|
("test3", "value3"),
|
|
|
|
]
|
|
|
|
|
|
|
|
assert request.get_args(keep_blank_values=True) == RequestParameters(
|
|
|
|
{"test1": ["value1"], "test2": [""], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.args == RequestParameters(
|
|
|
|
{"test1": ["value1"], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
assert request.get_args(keep_blank_values=False) == RequestParameters(
|
|
|
|
{"test1": ["value1"], "test3": ["value3"]}
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_cookies(app):
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
cookies = {"test": "OK"}
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/", cookies=cookies)
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
assert request.cookies == cookies
|
2018-12-30 11:18:06 +00:00
|
|
|
assert request.cookies == cookies # For request._cookies
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_cookies_asgi(app):
|
|
|
|
|
|
|
|
cookies = {"test": "OK"}
|
|
|
|
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/", cookies=cookies)
|
|
|
|
|
|
|
|
assert request.cookies == cookies
|
|
|
|
assert request.cookies == cookies # For request._cookies
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_cookies_without_cookies(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
assert request.cookies == {}
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_cookies_without_cookies_asgi(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert request.cookies == {}
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_port(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
port = request.port
|
|
|
|
assert isinstance(port, int)
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
delattr(request, "_socket")
|
|
|
|
delattr(request, "_port")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
port = request.port
|
|
|
|
assert isinstance(port, int)
|
2018-12-30 11:18:06 +00:00
|
|
|
assert hasattr(request, "_socket")
|
|
|
|
assert hasattr(request, "_port")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_request_socket(app):
|
2018-12-30 11:18:06 +00:00
|
|
|
@app.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
def handler(request):
|
2018-12-30 11:18:06 +00:00
|
|
|
return text("OK")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.get("/")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
socket = request.socket
|
|
|
|
assert isinstance(socket, tuple)
|
|
|
|
|
|
|
|
ip = socket[0]
|
|
|
|
port = socket[1]
|
|
|
|
|
|
|
|
assert ip == request.ip
|
|
|
|
assert port == request.port
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
delattr(request, "_socket")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
socket = request.socket
|
|
|
|
assert isinstance(socket, tuple)
|
2018-12-30 11:18:06 +00:00
|
|
|
assert hasattr(request, "_socket")
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
|
2019-07-04 13:13:43 +01:00
|
|
|
def test_request_server_name(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/")
|
2019-07-08 08:33:33 +01:00
|
|
|
assert request.server_name == "127.0.0.1"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
def test_request_server_name_in_host_header(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
"/", headers={"Host": "my-server:5555"}
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.server_name == "my-server"
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"Host": "[2a00:1450:400f:80c::200e]:5555"}
|
|
|
|
)
|
|
|
|
assert request.server_name == "[2a00:1450:400f:80c::200e]"
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"Host": "mal_formed"}
|
|
|
|
)
|
2019-10-23 17:12:20 +01:00
|
|
|
assert request.server_name == None # For now (later maybe 127.0.0.1)
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
def test_request_server_name_forwarded(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.PROXIES_COUNT = 1
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/",
|
2019-10-23 17:12:20 +01:00
|
|
|
headers={
|
|
|
|
"Host": "my-server:5555",
|
|
|
|
"X-Forwarded-For": "127.1.2.3",
|
|
|
|
"X-Forwarded-Host": "your-server",
|
|
|
|
},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.server_name == "your-server"
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
def test_request_server_port(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get("/", headers={"Host": "my-server"})
|
2019-07-04 13:13:43 +01:00
|
|
|
assert request.server_port == app.test_client.port
|
|
|
|
|
|
|
|
|
|
|
|
def test_request_server_port_in_host_header(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
"/", headers={"Host": "my-server:5555"}
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
2019-07-04 13:13:43 +01:00
|
|
|
assert request.server_port == 5555
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"Host": "[2a00:1450:400f:80c::200e]:5555"}
|
|
|
|
)
|
|
|
|
assert request.server_port == 5555
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
|
|
|
"/", headers={"Host": "mal_formed:5555"}
|
|
|
|
)
|
|
|
|
assert request.server_port == app.test_client.port
|
|
|
|
|
2019-07-04 13:13:43 +01:00
|
|
|
|
|
|
|
def test_request_server_port_forwarded(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.PROXIES_COUNT = 1
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
2019-10-23 17:12:20 +01:00
|
|
|
"/",
|
|
|
|
headers={
|
|
|
|
"Host": "my-server:5555",
|
|
|
|
"X-Forwarded-For": "127.1.2.3",
|
|
|
|
"X-Forwarded-Port": "4444",
|
|
|
|
},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
2019-07-04 13:13:43 +01:00
|
|
|
assert request.server_port == 4444
|
|
|
|
|
|
|
|
|
2018-12-22 15:21:45 +00:00
|
|
|
def test_request_form_invalid_content_type(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
2018-12-30 11:18:06 +00:00
|
|
|
request, response = app.test_client.post("/", json={"test": "OK"})
|
2018-12-22 15:21:45 +00:00
|
|
|
|
|
|
|
assert request.form == {}
|
2018-12-31 11:40:07 +00:00
|
|
|
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
def test_server_name_and_url_for(app):
|
|
|
|
@app.get("/foo")
|
|
|
|
def handler(request):
|
|
|
|
return text("ok")
|
|
|
|
|
|
|
|
app.config.SERVER_NAME = "my-server"
|
|
|
|
assert app.url_for("handler", _external=True) == "http://my-server/foo"
|
|
|
|
request, response = app.test_client.get("/foo")
|
2019-10-23 17:12:20 +01:00
|
|
|
assert (
|
|
|
|
request.url_for("handler")
|
|
|
|
== f"http://my-server:{app.test_client.port}/foo"
|
|
|
|
)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
|
|
|
|
app.config.SERVER_NAME = "https://my-server/path"
|
|
|
|
request, response = app.test_client.get("/foo")
|
|
|
|
url = f"https://my-server/path/foo"
|
|
|
|
assert app.url_for("handler", _external=True) == url
|
|
|
|
assert request.url_for("handler") == url
|
|
|
|
|
|
|
|
|
2019-07-04 13:13:43 +01:00
|
|
|
def test_url_for_with_forwarded_request(app):
|
|
|
|
@app.get("/")
|
|
|
|
def handler(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
@app.get("/another_view/")
|
|
|
|
def view_name(request):
|
|
|
|
return text("OK")
|
|
|
|
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
app.config.SERVER_NAME = "my-server"
|
|
|
|
app.config.PROXIES_COUNT = 1
|
2019-07-08 08:33:33 +01:00
|
|
|
request, response = app.test_client.get(
|
2019-10-23 17:12:20 +01:00
|
|
|
"/",
|
|
|
|
headers={
|
|
|
|
"X-Forwarded-For": "127.1.2.3",
|
|
|
|
"X-Forwarded-Proto": "https",
|
|
|
|
"X-Forwarded-Port": "6789",
|
|
|
|
},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
|
|
|
assert app.url_for("view_name") == "/another_view"
|
|
|
|
assert (
|
|
|
|
app.url_for("view_name", _external=True)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
== "http://my-server/another_view"
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
|
|
|
assert (
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
request.url_for("view_name") == "https://my-server:6789/another_view"
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
request, response = app.test_client.get(
|
2019-10-23 17:12:20 +01:00
|
|
|
"/",
|
|
|
|
headers={
|
|
|
|
"X-Forwarded-For": "127.1.2.3",
|
|
|
|
"X-Forwarded-Proto": "https",
|
|
|
|
"X-Forwarded-Port": "443",
|
|
|
|
},
|
2019-07-08 08:33:33 +01:00
|
|
|
)
|
Forwarded headers and otherwise improved proxy handling (#1638)
* Added support for HTTP Forwarded header and combined parsing of other proxy headers.
- Accessible via request.forwarded that tries parse_forwarded and then parse_xforwarded
- parse_forwarded uses the Forwarded header, if config.FORWARDED_SECRET is provided and a matching header field is found
- parse_xforwarded uses X-Real-IP and X-Forwarded-* much alike the existing implementation
- This commit does not change existing request properties that still use the old code and won't make use of Forwarded headers.
* Use req.forwarded in req properties server_name, server_port, scheme and remote_addr.
X-Scheme handling moved to parse_xforwarded.
* Cleanup and fix req.server_port; no longer reports socket port if any forwards headers are used.
* Update docstrings to incidate that forwarded header is used first.
* Remove testing function.
* Fix tests and linting.
- One test removed due to change of semantics - no socket port will be used if any forwarded headers are in effect.
- Other tests augmented with X-Forwarded-For, to allow the header being tested take effect (shouldn't affect old implementation).
* Try to workaround buggy tools complaining about incorrect ordering of imports.
* Cleanup forwarded processing, add comments. secret is now also returned.
* Added tests, fixed quoted string handling, cleanup.
* Further tests for full coverage.
* Try'n make linter happy.
* Add support for multiple Forwarded headers. Unify parse_forwarded parameters with parse_xforwarded.
* Implement multiple headers support for X-Forwarded-For.
- Previously only the first header was used, so this BUGFIX may affect functionality.
* Bugfix for request.server_name: strip port and other parts.
- request.server_name docs claim that it returns the hostname only (no port).
- config.SERVER_NAME may be full URL, so strip scheme, port and path
- HTTP Host and consequently forwarded Host may include port number, so
strip that also for forwarded hosts (previously only done for HTTP Host).
- Possible performance benefit of limiting to one split.
* Fallback to app.url_for and let it handle SERVER_NAME if defined (until a proper solution is implemented).
* Revise previous commit. Only fallback for full URL SERVER_NAMEs; allows host to be defined and proxied information still being used.
* Heil lintnazi.
* Modify testcase not to use underscores in URLs. Use hyphens which the spec allows for.
* Forwarded and Host header parsing improved.
- request.forwarded lowercases hosts, separates host:port into their own fields and lowercases addresses
- forwarded.parse_host helper function added and used for parsing all host-style headers (IPv6 cannot be simply split(":")).
- more tests fixed not to use underscores in hosts as those are no longer accepted and lead to the field being rejected
* Fixed typo in docstring.
* Added IPv6 address tests for Host header.
* Fix regex.
* Further tests and stricter forwarded handling.
* Fix merge commit
* Linter
* Linter
* Linter
* Add to avoid re-using the variable. Make a few raw strings non-raw.
* Remove unnecessary or
* Updated docs (work in progress).
* Enable REAL_IP_HEADER parsing irregardless of PROXIES_COUNT setting.
- Also cleanup and added comments
* New defaults for PROXIES_COUNT and REAL_IP_HEADER, updated tests.
* Remove support for PROXIES_COUNT=-1.
* Linter errors.
- This is getting ridiculous: cannot fit an URL on one line, linter requires
splitting the string literal!
* Add support for by=_proxySecret, updated docs, updated tests.
* Forwarded headers' semantics tuning.
- Forwarded host is now preserved in original format
- request.host now returns a forwarded host if available, else the Host header
- Forwarded options are preserved in original order, and later keys override earlier ones
- Forwarded path is automatically URL-unquoted
- Forwarded 'by' and 'for' are omitted if their value is unknown
- Tests modified accordingly
- Cleanup and improved documentation
* Add ASGI test.
* Linter
* Linter #2
2019-09-02 14:50:56 +01:00
|
|
|
assert request.url_for("view_name") == "https://my-server/another_view"
|
2019-07-08 08:33:33 +01:00
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_request_form_invalid_content_type_asgi(app):
|
|
|
|
@app.route("/", methods=["POST"])
|
|
|
|
async def post(request):
|
|
|
|
return text("OK")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.post("/", json={"test": "OK"})
|
|
|
|
|
|
|
|
assert request.form == {}
|
|
|
|
|
2019-07-08 08:33:33 +01:00
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
def test_endpoint_basic():
|
|
|
|
app = Sanic()
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
def my_unique_handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
|
|
|
|
assert request.endpoint == "test_requests.my_unique_handler"
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_endpoint_basic_asgi():
|
|
|
|
app = Sanic()
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
def my_unique_handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert request.endpoint == "test_requests.my_unique_handler"
|
|
|
|
|
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
def test_endpoint_named_app():
|
|
|
|
app = Sanic("named")
|
|
|
|
|
|
|
|
@app.route("/")
|
2017-10-17 06:40:21 +01:00
|
|
|
def my_unique_handler(request):
|
2018-12-31 11:40:07 +00:00
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/")
|
|
|
|
|
|
|
|
assert request.endpoint == "named.my_unique_handler"
|
|
|
|
|
|
|
|
|
2019-06-04 08:58:00 +01:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_endpoint_named_app_asgi():
|
|
|
|
app = Sanic("named")
|
|
|
|
|
|
|
|
@app.route("/")
|
|
|
|
def my_unique_handler(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/")
|
|
|
|
|
|
|
|
assert request.endpoint == "named.my_unique_handler"
|
|
|
|
|
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
def test_endpoint_blueprint():
|
|
|
|
bp = Blueprint("my_blueprint", url_prefix="/bp")
|
|
|
|
|
|
|
|
@bp.route("/")
|
|
|
|
async def bp_root(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
app = Sanic("named")
|
|
|
|
app.blueprint(bp)
|
2017-10-17 06:40:21 +01:00
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
request, response = app.test_client.get("/bp")
|
2017-10-17 06:40:21 +01:00
|
|
|
|
2018-12-31 11:40:07 +00:00
|
|
|
assert request.endpoint == "named.my_blueprint.bp_root"
|
2019-06-04 08:58:00 +01:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
async def test_endpoint_blueprint_asgi():
|
|
|
|
bp = Blueprint("my_blueprint", url_prefix="/bp")
|
|
|
|
|
|
|
|
@bp.route("/")
|
|
|
|
async def bp_root(request):
|
|
|
|
return text("Hello")
|
|
|
|
|
|
|
|
app = Sanic("named")
|
|
|
|
app.blueprint(bp)
|
|
|
|
|
|
|
|
request, response = await app.asgi_client.get("/bp")
|
|
|
|
|
|
|
|
assert request.endpoint == "named.my_blueprint.bp_root"
|
2019-11-01 17:32:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_url_for_without_server_name(app):
|
|
|
|
@app.route("/sample")
|
|
|
|
def sample(request):
|
|
|
|
return json({"url": request.url_for("url_for")})
|
|
|
|
|
|
|
|
@app.route("/url-for")
|
|
|
|
def url_for(request):
|
|
|
|
return text("url-for")
|
|
|
|
|
|
|
|
request, response = app.test_client.get("/sample")
|
|
|
|
assert (
|
|
|
|
response.json["url"]
|
|
|
|
== f"http://127.0.0.1:{app.test_client.port}/url-for"
|
|
|
|
)
|