#9064: Redirect is broken when HTTP_X_FORWARDED_HOST contains multiple hosts
------------------------------------+---------------------------------------
Reporter: Artur | Owner: nobody
Status: new | Milestone:
Component: HTTP handling | Version: 1.0
Resolution: | Keywords:
Stage: Accepted | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 1 |
------------------------------------+---------------------------------------
Comment (by mtredinnick):
We really shouldn't be using this header to compute redirects at all. if
the hostname has been changed as part of the transmission process, it's up
to the servers doing the changing to do rewrites on the way out as well.
The best solution here is to ditch it altogether. Systems relying on this
are arguably broken. Not holding my breath, though, since some people seem
to like.
Note, also, there was a huge thread about the complete lack of
standardisation and variance in behaviour for the X-FORWARDED-HOST header
two or three years ago on django-dev. [http://groups.google.com/group
/django-developers/browse_thread/thread/b3b2deb687a3e885 Here's one
thread], although I have a memory there was another as well at some point.
Unsurprising that it's confusing, since it's an "X-*" header (totally non-
standard).
--
Ticket URL: <http://code.djangoproject.com/ticket/9064#comment:5>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
