Robert Collins added the comment: FWIW we probably need to capture the original unaltered URL somewhere, but also ensure that PATH_INFO is always a relative path.
One should be able to implement a proxy in WSGI (because thats just another specialised app), and doing that today requires special handling depending on the WSGI container, which isn't great for consistency. On security; Host header <-> url host mismatches occur when the host to which a request is sent != the url; this is expected only in the case of forward proxies: any other time it would indeed be a smuggling attack, trying to find mismatches between acls and access in servers - this is another reason to consolidate things so that wsgi apps can rely on urls looking consistent. ---------- nosy: +rbcollins _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue21472> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com