X-Forwarded-For improvements and bug fixes (#15204)

* Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing
2018-06-29 16:27:06 -04:00 · 2018-06-29 16:27:06 -04:00 · fd38caa287
commit fd38caa287
parent c61a652c90
5 changed files with 67 additions and 9 deletions
--- a/tests/scripts/test_check_config.py
+++ b/tests/scripts/test_check_config.py
@ -160,6 +160,7 @@ class TestCheckConfig(unittest.TestCase):
                'server_host': '0.0.0.0',
                'server_port': 8123,
                'trusted_networks': [],
+                'trusted_proxies': [],
                'use_x_forwarded_for': False}
            assert res['secret_cache'] == {secrets_path: {'http_pw': 'abc123'}}
            assert res['secrets'] == {'http_pw': 'abc123'}