Skip to content

Commit

Permalink
Merge pull request #370 from Yourun-proger/del_warnings
Browse files Browse the repository at this point in the history
Set `clear_untrusted_proxy_headers` parameter to `True` by default
  • Loading branch information
digitalresistor authored Mar 19, 2022
2 parents 9e0b8c8 + 131838f commit 603d2c1
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 31 deletions.
6 changes: 5 additions & 1 deletion docs/arguments.rst
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,11 @@ clear_untrusted_proxy_headers
"X-Forwared-For", "X-Forwarded-By", "X-Forwarded-Host", "X-Forwarded-Port",
"X-Forwarded-Proto") not explicitly allowed by ``trusted_proxy_headers``.

Default: ``False``
Default: ``True``

.. versionchanged:: 2.1.2
In this version default value is set to ``True`` and deprecation warning
doesn't show up anymore.

.. versionadded:: 1.2.0

Expand Down
18 changes: 2 additions & 16 deletions src/waitress/adjustments.py
Original file line number Diff line number Diff line change
Expand Up @@ -95,10 +95,6 @@ class _int_marker(int):
pass


class _bool_marker:
pass


class Adjustments:
"""This class contains tunable parameters."""

Expand Down Expand Up @@ -180,9 +176,8 @@ class Adjustments:
# proxy server to filter invalid headers
log_untrusted_proxy_headers = False

# Should waitress clear any proxy headers that are not deemed trusted from
# the environ? Change to True by default in 2.x
clear_untrusted_proxy_headers = _bool_marker
# Changed this parameter to True by default in 2.x
clear_untrusted_proxy_headers = True

# default ``wsgi.url_scheme`` value
url_scheme = "http"
Expand Down Expand Up @@ -445,15 +440,6 @@ def __init__(self, **kw):
)
self.trusted_proxy_headers = {"x-forwarded-proto"}

if self.clear_untrusted_proxy_headers is _bool_marker:
warnings.warn(
"In future versions of Waitress clear_untrusted_proxy_headers will be "
"set to True by default. You may opt-out by setting this value to "
"False, or opt-in explicitly by setting this to True.",
DeprecationWarning,
)
self.clear_untrusted_proxy_headers = False

self.listen = wanted_sockets

self.check_sockets(self.sockets)
Expand Down
14 changes: 0 additions & 14 deletions tests/test_adjustments.py
Original file line number Diff line number Diff line change
Expand Up @@ -354,20 +354,6 @@ def test_no_trusted_proxy_headers_trusted_proxy(self):
self.assertTrue(issubclass(w[0].category, DeprecationWarning))
self.assertIn("Implicitly trusting X-Forwarded-Proto", str(w[0]))

def test_clear_untrusted_proxy_headers(self):
with warnings.catch_warnings(record=True) as w:
warnings.resetwarnings()
warnings.simplefilter("always")
self._makeOne(
trusted_proxy="localhost", trusted_proxy_headers={"x-forwarded-for"}
)

self.assertGreaterEqual(len(w), 1)
self.assertTrue(issubclass(w[0].category, DeprecationWarning))
self.assertIn(
"clear_untrusted_proxy_headers will be set to True", str(w[0])
)

def test_deprecated_send_bytes(self):
with warnings.catch_warnings(record=True) as w:
warnings.resetwarnings()
Expand Down

0 comments on commit 603d2c1

Please sign in to comment.