#26037: HttpRequest._get_raw_host() uses either HTTP_X_FORWARDED_HOST or HTTP_X_FORWARDED_PORT => should use both -------------------------------+-------------------- Reporter: benoitbryon | Owner: nobody Type: Bug | Status: new Component: Uncategorized | Version: 1.9 Severity: Normal | Keywords: Triage Stage: Unreviewed | Has patch: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------+-------------------- Situation is Django running behind a reverse proxy such as:
* Django settings declare `USE_X_FORWARDED_HOST = True` and `USE_X_FORWARDED_PORT = True` * reverse proxy passes headers `X-Forwarded-Host` and `X-Forwarded-Port`. Say host "example.com" and port "8080" for example. I was expecting `request.get_absolute_uri()` to use both forwarded host and port. Or more precisely, I was expecting `request.get_host()` to return "example.com:8080" with the example above. But I get "example.com" only, without mention of the forwarded port. As of Django version 1.9, it seems that, given `settings.USE_X_FORWARDED_HOST` is True, then `request.get_host()` takes only `X-Forwarded-Host` into account and ignores `X-Forwarded-Port`. I guess issue comes from `HttpRequest._raw_host()` which doesn't use `HttpRequest.get_port()` in the case `settings.USE_X_FORWARDED_HOST` is True. References: * `HttpRequest.get_host()`: https://github.com/django/django/blob/b0c56b895fd2694d7f5d4595bdbbc41916607f45/django/http/request.py#L72-L89 * `HttpRequest.get_port()`: https://github.com/django/django/blob/b0c56b895fd2694d7f5d4595bdbbc41916607f45/django/http/request.py#L110-L116 * `settings.USE_X_FORWARDED_PORT` was introduced by https://code.djangoproject.com/ticket/25211 -- Ticket URL: <https://code.djangoproject.com/ticket/26037> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/054.051b022d7d0fb2cc95af0d718202e108%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.