[Django] #30729: Forwarded Header

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[Django] #30729: Forwarded Header

Django
#30729: Forwarded Header
-----------------------------------------+------------------------
               Reporter:  Ben Stähli     |          Owner:  nobody
                   Type:  Uncategorized  |         Status:  new
              Component:  Uncategorized  |        Version:  2.2
               Severity:  Normal         |       Keywords:
           Triage Stage:  Unreviewed     |      Has patch:  0
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  0
                  UI/UX:  0              |
-----------------------------------------+------------------------
 As seen here https://developer.mozilla.org/en-
 US/docs/Web/HTTP/Headers/Forwarded the Forwarded header seems to become
 the new and standardized way to define the forwarded ip/protocol when
 using a proxy. And to superseed the existing X-Forwarded-
 For/Proto/Protocol/etc headers.

 A quick glimpse in into the code looks like currently there is still the
 "legacy" approach used. Are there any plans to use the new header?

--
Ticket URL: <https://code.djangoproject.com/ticket/30729>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/050.7717646f90d859791e12653f290b562e%40djangoproject.com.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30729: Forwarded Header

Django
#30729: Forwarded Header
-------------------------------+--------------------------------------
     Reporter:  Ben Stähli     |                    Owner:  nobody
         Type:  Uncategorized  |                   Status:  new
    Component:  Uncategorized  |                  Version:  2.2
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Unreviewed
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+--------------------------------------
Description changed by Ben Stähli:

Old description:

> As seen here https://developer.mozilla.org/en-
> US/docs/Web/HTTP/Headers/Forwarded the Forwarded header seems to become
> the new and standardized way to define the forwarded ip/protocol when
> using a proxy. And to superseed the existing X-Forwarded-
> For/Proto/Protocol/etc headers.
>
> A quick glimpse in into the code looks like currently there is still the
> "legacy" approach used. Are there any plans to use the new header?

New description:

 As seen here https://developer.mozilla.org/en-
 US/docs/Web/HTTP/Headers/Forwarded the Forwarded header seems to become
 the new and standardized way to define the forwarded ip/protocol when
 using a proxy. And to superseed the existing (well established) X
 -Forwarded-For/Proto/Protocol/etc headers.

 A quick glimpse in into the code looks like currently there is still the
 "legacy" approach used. Are there any plans to use the new header?

--

--
Ticket URL: <https://code.djangoproject.com/ticket/30729#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.96b943b3dc7a41ef271a6039026c8e31%40djangoproject.com.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30729: Add support for the RFC 7239 Forwarded header (was: Forwarded Header)

Django
In reply to this post by Django
#30729: Add support for the RFC 7239 Forwarded header
-------------------------------+--------------------------------------
     Reporter:  Ben Stähli     |                    Owner:  nobody
         Type:  Uncategorized  |                   Status:  new
    Component:  Uncategorized  |                  Version:  2.2
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Unreviewed
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+--------------------------------------

Comment (by Claude Paroz):

 Can you tell us a bit more about the current adoption state of this
 header?

--
Ticket URL: <https://code.djangoproject.com/ticket/30729#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.2b6b6030fe1f3b693aad32a367f010ee%40djangoproject.com.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30729: Add support for the RFC 7239 Forwarded header

Django
In reply to this post by Django
#30729: Add support for the RFC 7239 Forwarded header
-------------------------------+--------------------------------------
     Reporter:  Ben Stähli     |                    Owner:  nobody
         Type:  Uncategorized  |                   Status:  new
    Component:  Uncategorized  |                  Version:  2.2
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Unreviewed
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+--------------------------------------

Comment (by Ben Stähli):

 Not really. But it would be a good thing to go ahead and support it,
 otherwise it will never be adopted. Also, it is an RFC, so I guess it will
 probably become the new standard. Tomorrow, or in some years only, who
 knows.

 A quick research shows that some frameworks are discussing it.

 -
 https://duckduckgo.com/?q=is+RFC-7239+forwarded+support&t=canonical&ia=web
 - https://github.com/aspnet/AspNetCore/issues/5978
 - https://issues.jboss.org/browse/UNDERTOW-1207?_sscc=t
 - http://tomcat.10.x6.nabble.com/Bug-63080-New-Support-rfc7239-Forwarded-
 header-td5081951.html
 - https://groups.google.com/forum/#!msg/golang-
 nuts/wc45kx0bsr8/BX1Dds8cAwAJ

--
Ticket URL: <https://code.djangoproject.com/ticket/30729#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.8b1d32789d79fd16cf9a247645d5019c%40djangoproject.com.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #30729: Add support for the RFC 7239 Forwarded header

Django
In reply to this post by Django
#30729: Add support for the RFC 7239 Forwarded header
-------------------------------+-----------------------------------------
     Reporter:  Ben Stähli     |                    Owner:  nobody
         Type:  New feature    |                   Status:  new
    Component:  HTTP handling  |                  Version:  2.2
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Someday/Maybe
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+-----------------------------------------
Changes (by Carlton Gibson):

 * component:  Uncategorized => HTTP handling
 * type:  Uncategorized => New feature
 * stage:  Unreviewed => Someday/Maybe


Comment:

 I'm tempted to say `needsinfo` here, but, yes there's the RFC so I guess
 we should pick it up at some point.

 A case insenstive search for `x[-_]forwarded` doesn't turn up too many
 results, so in theory it's easy enough... **but** we'd need to think about
 supporting both approaches, probably indefinitely, and provide decent
 documentation around that, and a migration to the new header from the old
 (ones).

 I'd like to see some detail on all that before we say "Yes, let's go!
 ''Accepted''". As such we'll call it ''Someday/Maybe'' for now. (Happy to
 see more detail and/or an adjustment if someone wants to push it forward.)

--
Ticket URL: <https://code.djangoproject.com/ticket/30729#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.68db83311ce23a9b096b70d1dabb41b5%40djangoproject.com.