Rooba
/
tornado
mirror of https://github.com/tornadoweb/tornado.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'davidwilemski/xheaders-xss' into work

This commit is contained in:
Ben Darnell 2012-01-01 22:26:12 -08:00
parent ac9902cbe3 4f64fbe99b
commit 5650d90747
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tornado/httpserver.py
View File

@ -322,7 +322,7 @@ class HTTPRequest(object):
.. attribute:: protocol .. attribute:: protocol
The protocol used, either "http" or "https". If `HTTPServer.xheaders` The protocol used, either "http" or "https". If `HTTPServer.xheaders`
is seet, will pass along the protocol used by a load balancer if is set, will pass along the protocol used by a load balancer if
reported via an ``X-Scheme`` header. reported via an ``X-Scheme`` header.
.. attribute:: host .. attribute:: host
@ -362,6 +362,8 @@ class HTTPRequest(object):
# Squid uses X-Forwarded-For, others use X-Real-Ip # Squid uses X-Forwarded-For, others use X-Real-Ip
self.remote_ip = self.headers.get( self.remote_ip = self.headers.get(
"X-Real-Ip", self.headers.get("X-Forwarded-For", remote_ip)) "X-Real-Ip", self.headers.get("X-Forwarded-For", remote_ip))
if not self.__valid_ip(self.remote_ip):
self.remote_ip = remote_ip
# AWS uses X-Forwarded-Proto # AWS uses X-Forwarded-Proto
self.protocol = self.headers.get( self.protocol = self.headers.get(
"X-Scheme", self.headers.get("X-Forwarded-Proto", protocol)) "X-Scheme", self.headers.get("X-Forwarded-Proto", protocol))
@ -457,3 +459,14 @@ class HTTPRequest(object):
args = ", ".join(["%s=%r" % (n, getattr(self, n)) for n in attrs]) args = ", ".join(["%s=%r" % (n, getattr(self, n)) for n in attrs])
return "%s(%s, headers=%s)" % ( return "%s(%s, headers=%s)" % (
self.__class__.__name__, args, dict(self.headers)) self.__class__.__name__, args, dict(self.headers))
def __valid_ip(self, ip):
try:
address = socket.inet_pton(socket.AF_INET, ip)
except socket.error:
try:
address = socket.inet_pton(socket.AF_INET6, ip)
except socket.error:
return False
return True