Skip to content

Commit a1783d8

Browse files
theyashlKludex
theyashl
and
Kludex
authored
Add support for [*] in trusted hosts (#2480)
* fixed trusted host parsing for always trust case * Update uvicorn/middleware/proxy_headers.py * added test case for trust everything using list --------- Co-authored-by: Marcelo Trylesinski <[email protected]>
1 parent 6ffaaf7 commit a1783d8

File tree

2 files changed

+6
-2
lines changed

2 files changed

+6
-2
lines changed

tests/middleware/test_proxy_headers.py

+5-1
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ def make_httpx_client(
5656
# of the _TrustedHosts.__init__ method.
5757
_TRUSTED_NOTHING: list[str] = []
5858
_TRUSTED_EVERYTHING = "*"
59+
_TRUSTED_EVERYTHING_LIST = ["*"]
5960
_TRUSTED_IPv4_ADDRESSES = "127.0.0.1, 10.0.0.1"
6061
_TRUSTED_IPv4_NETWORKS = ["127.0.0.0/8", "10.0.0.0/8"]
6162
_TRUSTED_IPv6_ADDRESSES = [
@@ -65,7 +66,7 @@ def make_httpx_client(
6566
"::11.22.33.44", # This is a dual address
6667
]
6768
_TRUSTED_IPv6_NETWORKS = "2001:db8:abcd:0012::0/64"
68-
_TRUSTED_LITERALS = "some-literal , unix:///foo/bar , /foo/bar"
69+
_TRUSTED_LITERALS = "some-literal , unix:///foo/bar , /foo/bar, garba*gewith*"
6970

7071

7172
@pytest.mark.parametrize(
@@ -122,6 +123,7 @@ def make_httpx_client(
122123
(_TRUSTED_EVERYTHING, "192.168.0.0", True),
123124
(_TRUSTED_EVERYTHING, "192.168.0.1", True),
124125
(_TRUSTED_EVERYTHING, "1.1.1.1", True),
126+
(_TRUSTED_EVERYTHING_LIST, "1.1.1.1", True),
125127
# Test IPv6 Addresses
126128
(_TRUSTED_EVERYTHING, "2001:db8::", True),
127129
(_TRUSTED_EVERYTHING, "2001:db8:abcd:0012::0", True),
@@ -136,6 +138,7 @@ def make_httpx_client(
136138
(_TRUSTED_EVERYTHING, "::b16:212c", True), # aka ::11.22.33.44
137139
(_TRUSTED_EVERYTHING, "a:b:c:d::", True),
138140
(_TRUSTED_EVERYTHING, "::a:b:c:d", True),
141+
(_TRUSTED_EVERYTHING_LIST, "::a:b:c:d", True),
139142
# Test Literals
140143
(_TRUSTED_EVERYTHING, "some-literal", True),
141144
(_TRUSTED_EVERYTHING, "unix:///foo/bar", True),
@@ -145,6 +148,7 @@ def make_httpx_client(
145148
(_TRUSTED_EVERYTHING, "unix:///another/path", True),
146149
(_TRUSTED_EVERYTHING, "/another/path", True),
147150
(_TRUSTED_EVERYTHING, "", True),
151+
(_TRUSTED_EVERYTHING_LIST, "", True),
148152
## Trust IPv4 Addresses
149153
## -----------------------------
150154
# Test IPv4 Addresses

uvicorn/middleware/proxy_headers.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ class _TrustedHosts:
6868
"""Container for trusted hosts and networks"""
6969

7070
def __init__(self, trusted_hosts: list[str] | str) -> None:
71-
self.always_trust: bool = trusted_hosts == "*"
71+
self.always_trust: bool = trusted_hosts in ("*", ["*"])
7272

7373
self.trusted_literals: set[str] = set()
7474
self.trusted_hosts: set[ipaddress.IPv4Address | ipaddress.IPv6Address] = set()

0 commit comments

Comments
 (0)