> On Mar 20, 2017, at 11:30 AM, Tom Most <tomm...@gmail.com> wrote:
>
> If Twisted is to support this in any way, I think that it should be opt-in
> support for the Forwarded header as specified in RFC 7239. This should be a
> parameter applicable to all of twisted.web.server rather than per-method
> call, since it's something the administrator needs to set.
>
I'm generally in agreement with this. Further, we should probably have some
notion of authentication, i.e. Site(..., trustForwardedForFrom=[...]), where
[...] could be, let's say a twisted.internet.ssl.Certificate representing a
client CA to check client connections from, or a list of
twisted.internet.address.IPv4Address objects naming servers on a network we can
trust. Effectively building in authentication to this layer is important (and
since twisted is a web _server_ and not a web framework, more generally
possible than e.g. Django).
-glyph
_______________________________________________
Twisted-web mailing list
Twisted-web@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web