DeprecationWarning: In future versions of Waitress clear_untrusted_proxy_headers will be set to True by default. You may opt-out by setting this value to False, or opt-in explicitly by setting this to True.
authorLaurent Peuch <cortex@worlddomination.be>
Wed, 08 May 2019 21:37:13 +0200
changeset 12590 a5d7fcde74c9
parent 12589 85f82900f1c3
child 12591 f5f83d72ba8d
DeprecationWarning: In future versions of Waitress clear_untrusted_proxy_headers will be set to True by default. You may opt-out by setting this value to False, or opt-in explicitly by setting this to True.

Source: https://docs.pylonsproject.org/projects/waitress/en/stable/arguments.html?highlight=clear_untrusted_proxy_headers

> This tells Waitress to remove any untrusted proxy headers ("Forwarded",
> "X-Forwarded-For", "X-Forwarded-By", "X-Forwarded-Host", "X-Forwarded-Port",
> "X-Forwarded-Proto") not explicitly allowed by trusted_proxy_headers.

According to grep we don't use any of those headers, so let's turn it on for security reasons.
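To make concrete why the quoted setting matters, here is an added Python model of the behaviour, written for this page; it is not Waitress's or CubicWeb's code. It implements the same idea as a plain WSGI middleware: proxy headers are dropped from the environ unless the request arrives from a configured trusted proxy and the header is in an explicit allow list. The function names, the trusted-proxy model (a single address, no proxy count or "*" wildcard) and the sample environs are assumptions constructed for the example.

```python
# Added illustration (not Waitress code): a WSGI middleware that models
# clear_untrusted_proxy_headers / trusted_proxy / trusted_proxy_headers.
# Waitress does this inside the server before the WSGI app sees the request.

# The six headers the Waitress docs list, as WSGI environ keys.
PROXY_HEADER_KEYS = {
    "HTTP_FORWARDED",
    "HTTP_X_FORWARDED_FOR",
    "HTTP_X_FORWARDED_BY",
    "HTTP_X_FORWARDED_HOST",
    "HTTP_X_FORWARDED_PORT",
    "HTTP_X_FORWARDED_PROTO",
}


def _environ_key(header_name):
    """'X-Forwarded-For' -> 'HTTP_X_FORWARDED_FOR'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def strip_untrusted_proxy_headers(app, trusted_proxy=None, trusted_proxy_headers=()):
    """Hypothetical middleware: remove proxy headers not sent by the trusted
    proxy, or not explicitly allowed for it (simplified single-address model)."""
    allowed = {_environ_key(h) for h in trusted_proxy_headers}

    def middleware(environ, start_response):
        env = dict(environ)  # copy so the caller's environ is untouched
        from_trusted = trusted_proxy is not None and env.get("REMOTE_ADDR") == trusted_proxy
        for key in PROXY_HEADER_KEYS:
            if key in env and not (from_trusted and key in allowed):
                del env[key]
        return app(env, start_response)

    return middleware


def client_ip_app(environ, start_response):
    """Naive app that trusts X-Forwarded-For for the client address.
    This is exactly the kind of code header spoofing targets (e.g. to pass
    an IP allow list or to poison logs)."""
    forwarded = environ.get("HTTP_X_FORWARDED_FOR")
    ip = forwarded.split(",")[0].strip() if forwarded else environ["REMOTE_ADDR"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [ip.encode()]


def call(app, environ):
    """Minimal WSGI driver: returns the response body as text."""
    app_iter = app(environ, lambda status, headers: None)
    return b"".join(app_iter).decode()


def demo():
    """Run constructed requests through the unprotected and protected app."""
    # Constructed sample: an attacker at 203.0.113.7 claims to be localhost.
    spoofed = {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": "127.0.0.1"}
    # Constructed sample: the real reverse proxy at 10.0.0.1 forwards a client.
    via_proxy = {
        "REMOTE_ADDR": "10.0.0.1",
        "HTTP_X_FORWARDED_FOR": "198.51.100.5",
        "HTTP_X_FORWARDED_PROTO": "https",
    }

    cleared = strip_untrusted_proxy_headers(client_ip_app)  # no trusted proxy
    trusted = strip_untrusted_proxy_headers(
        client_ip_app, trusted_proxy="10.0.0.1", trusted_proxy_headers=("x-forwarded-for",)
    )
    return {
        "spoofed_unfiltered": call(client_ip_app, spoofed),   # attacker wins
        "spoofed_filtered": call(cleared, spoofed),           # real address
        "spoofed_via_trusted_config": call(trusted, spoofed), # still real address
        "trusted_proxy": call(trusted, via_proxy),            # header honoured
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The model shows the two halves of the option: with no trusted proxy configured (the situation in this changeset, which passes `url_scheme` but no `trusted_proxy`), every forwarded header is dropped, so a direct client cannot forge its address or scheme. A deployment that actually sits behind a reverse proxy gets the headers back only by naming that proxy and allow-listing the specific headers it is expected to set; in this model an `X-Forwarded-Proto` sent by the trusted proxy is still dropped because it was not allow-listed.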
cubicweb/pyramid/pyramidctl.py
--- a/cubicweb/pyramid/pyramidctl.py	Wed May 08 21:30:44 2019 +0200
+++ b/cubicweb/pyramid/pyramidctl.py	Wed May 08 21:37:13 2019 +0200
@@ -388,7 +388,8 @@
             'anymore; use the standalone "scheduler" command if needed'
         )
         try:
-            waitress.serve(app, host=host, port=port, url_scheme=url_scheme)
+            waitress.serve(app, host=host, port=port, url_scheme=url_scheme,
+                           clear_untrusted_proxy_headers=True)
         finally:
             repo.shutdown()
         if self._needreload:
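Review bot: the security rationale for `clear_untrusted_proxy_headers=True` lives only in the commit message; add a one-line comment above the argument in this hunk (for example `# strip X-Forwarded-* from clients: no trusted_proxy is configured`) so a later reader does not drop it as a no-op. The call passes `url_scheme` but no `trusted_proxy` or `trusted_proxy_headers`, so a deployment behind a TLS-terminating reverse proxy can no longer receive `X-Forwarded-Proto` or `X-Forwarded-Host` at all unless those two settings are also wired through to `waitress.serve`; that consequence belongs in the documentation next to the existing `url_scheme` option. Lastly, Waitress releases that predate this keyword reject it with a TypeError at startup, and the diff does not touch the dependency declaration, so the minimum required waitress version should be checked in the same change.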