http: reimplement X-Forwarded-For parsing (#4355)

This feature needs to be enabled through the `http.use_x_forwarded_for` option, satisfying security concerns of spoofed remote addresses in untrusted network environments. The testsuite was enhanced to explicitly test the functionality of the header. Fixes #4265. Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
2016-11-13 01:14:39 +01:00 · 2016-11-13 01:14:39 +01:00 · e73634e6c7
commit e73634e6c7
parent 3d47ad5018
5 changed files with 47 additions and 13 deletions
--- a/tests/scripts/test_check_config.py
+++ b/tests/scripts/test_check_config.py
@ -165,7 +165,8 @@ class TestCheckConfig(unittest.TestCase):

            self.assertDictEqual({
                'components': {'http': {'api_password': 'abc123',
-                                        'server_port': 8123}},
+                                        'server_port': 8123,
+                                        'use_x_forwarded_for': False}},
                'except': {},
                'secret_cache': {secrets_path: {'http_pw': 'abc123'}},
                'secrets': {'http_pw': 'abc123'},