proto_header = headers.get(
"X-Scheme", headers.get("X-Forwarded-Proto",
self.protocol))
+ if proto_header:
+ # use only the last proto entry if there is more than one
+ # TODO: support trusting mutiple layers of proxied protocol
+ proto_header = proto_header.split(',')[-1].strip()
if proto_header in ("http", "https"):
self.protocol = proto_header
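Review bot: The new comment above `proto_header.split(',')[-1].strip()` says which entry is used but not why, and the why is what a later maintainer needs before changing the index. I would reword it to something like `# Trust only the last entry: it is the one appended by the proxy nearest to us; earlier entries may have been supplied by the client.` and fix the typo `mutiple` -> `multiple` in the TODO. The split is applied to whichever value the lookup on the context lines selected, so it also applies to `X-Scheme`, which takes precedence over `X-Forwarded-Proto`. It would help to state in the same comment that both headers are only meaningful when the fronting proxy sets or overwrites them. The enclosing method starts and ends outside this hunk, so I cannot see whether that precondition is documented elsewhere.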
self.fetch_json("/", headers=https_forwarded)["remote_protocol"],
"https")
+ https_multi_forwarded = {"X-Forwarded-Proto": "https , http"}
+ self.assertEqual(
+ self.fetch_json("/", headers=https_multi_forwarded)["remote_protocol"],
+ "http")
+
+ http_multi_forwarded = {"X-Forwarded-Proto": "http,https"}
+ self.assertEqual(
+ self.fetch_json("/", headers=http_multi_forwarded)["remote_protocol"],
+ "https")
+
bad_forwarded = {"X-Forwarded-Proto": "unknown"}
self.assertEqual(
self.fetch_json("/", headers=bad_forwarded)["remote_protocol"],
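Review bot: The two added cases (`"https , http"` and `"http,https"`) only cover lists whose last element is a valid scheme. The rejection path for a multi-valued header is not exercised. I would add a case where the last element is empty or unknown, for example `{"X-Forwarded-Proto": "https,"}` and `{"X-Forwarded-Proto": "https, unknown"}`, asserting that `remote_protocol` stays at the connection's own protocol rather than taking the earlier `https` entry. That pins the behaviour that an untrusted leading value is never used as a fallback. The trailing `bad_forwarded` assertion continues past the end of this hunk, so its expected value is not visible here.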