Fix X-Forwarded-For not properly handling ports#2809
Open
veeceey wants to merge 4 commits intoKludex:mainfrom
Open
Fix X-Forwarded-For not properly handling ports#2809veeceey wants to merge 4 commits intoKludex:mainfrom
veeceey wants to merge 4 commits intoKludex:mainfrom
Conversation
veeceey
force-pushed
the
fix/issue-2789
branch
2 times, most recently
from
d6f3d96 to
9a701f1
Compare
The proxy headers middleware now correctly parses port numbers from X-Forwarded-For entries (e.g. "1.2.3.4:1024", "[::1]:8080") instead of blindly appending ":0", which previously produced malformed client addresses like "1.2.3.4:1024:0". Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move the `_parse_host_port` import from mid-file (line 500) to the existing import block at the top of the test file, fixing the ruff E402 "Module level import not at top of file" error that caused all 18 CI matrix jobs to fail. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds test case for `[::1]:abc` to cover the ValueError/IndexError exception handler in `_parse_host_port()`, fixing the coverage gap on lines 85-86.
veeceey
force-pushed
the
fix/issue-2789
branch
from
9a701f1 to
7ca5cb3
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #2789.
_parse_host_port()helper to properly extract host and port fromX-Forwarded-Forentries, handling IPv4 with port (1.2.3.4:1024), bracketed IPv6 with port ([::1]:8080), bare addresses, and edge casesget_trusted_client_host()to use the helper so trust checking works correctly for entries with ports (previously1.2.3.4:1024failedipaddress.ip_address()and fell through to literal matching)ProxyHeadersMiddleware.__call__()to use the parsed port inscope["client"]instead of always hardcoding0Before this fix, an
X-Forwarded-Forvalue of1.2.3.4:1024would producescope["client"] = ("1.2.3.4:1024", 0). After this fix, it correctly producesscope["client"] = ("1.2.3.4", 1024).Test plan
_parse_host_port()covering IPv4, IPv4+port, bare IPv6, bracketed IPv6+port, edge casesX-Forwarded-Forwith ports across trust scenarios (always trust, trusted proxy, untrusted proxy, multiple proxies, trusted networks)