Message227564
FWIW we probably need to capture the original unaltered URL somewhere, but also ensure that PATH_INFO is always a relative path.
One should be able to implement a proxy in WSGI (because thats just another specialised app), and doing that today requires special handling depending on the WSGI container, which isn't great for consistency.
On security; Host header <-> url host mismatches occur when the host to which a request is sent != the url; this is expected only in the case of forward proxies: any other time it would indeed be a smuggling attack, trying to find mismatches between acls and access in servers - this is another reason to consolidate things so that wsgi apps can rely on urls looking consistent. |
|
Date |
User |
Action |
Args |
2014-09-25 18:50:11 | rbcollins | set | recipients:
+ rbcollins, gvanrossum, pje, mouad |
2014-09-25 18:50:11 | rbcollins | set | messageid: <1411671011.36.0.462246822035.issue21472@psf.upfronthosting.co.za> |
2014-09-25 18:50:11 | rbcollins | link | issue21472 messages |
2014-09-25 18:50:11 | rbcollins | create | |
|