-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parser of the Forwarded header ignores the port number #3009
Comments
Good finding! |
gjcarneiro
pushed a commit
to gjcarneiro/aiohttp
that referenced
this issue
May 18, 2018
5 tasks
gjcarneiro
pushed a commit
to gjcarneiro/aiohttp
that referenced
this issue
May 18, 2018
gjcarneiro
pushed a commit
to gjcarneiro/aiohttp
that referenced
this issue
May 18, 2018
gjcarneiro
pushed a commit
to gjcarneiro/aiohttp
that referenced
this issue
May 18, 2018
asvetlov
pushed a commit
that referenced
this issue
May 18, 2018
kornicameister
referenced
this issue
in kornicameister/korni-stats-collector
Jun 7, 2018
This PR updates [aiohttp](https://pypi.org/project/aiohttp) from **3.2.1** to **3.3.1**. <details> <summary>Changelog</summary> ### 3.3.0 ``` ================== Features -------- - Raise ``ConnectionResetError`` instead of ``CancelledError`` on trying to write to a closed stream. (`2499 <https://github.com/aio-libs/aiohttp/pull/2499>`_) - Implement ``ClientTimeout`` class and support socket read timeout. (`2768 <https://github.com/aio-libs/aiohttp/pull/2768>`_) - Enable logging when ``aiohttp.web`` is used as a program (`2956 <https://github.com/aio-libs/aiohttp/pull/2956>`_) - Add canonical property to resources (`2968 <https://github.com/aio-libs/aiohttp/pull/2968>`_) - Forbid reading response BODY after release (`2983 <https://github.com/aio-libs/aiohttp/pull/2983>`_) - Implement base protocol class to avoid a dependency from internal ``asyncio.streams.FlowControlMixin`` (`2986 <https://github.com/aio-libs/aiohttp/pull/2986>`_) - Cythonize ``helpers.reify``, 5% boost on macro benchmark (`2995 <https://github.com/aio-libs/aiohttp/pull/2995>`_) - Optimize HTTP parser (`3015 <https://github.com/aio-libs/aiohttp/pull/3015>`_) - Implement ``runner.addresses`` property. (`3036 <https://github.com/aio-libs/aiohttp/pull/3036>`_) - Use ``bytearray`` instead of a list of ``bytes`` in websocket reader. It improves websocket message reading a little. (`3039 <https://github.com/aio-libs/aiohttp/pull/3039>`_) - Remove heartbeat on closing connection on keepalive timeout. The used hack violates HTTP protocol. (`3041 <https://github.com/aio-libs/aiohttp/pull/3041>`_) - Limit websocket message size on reading to 4 MB by default. (`3045 <https://github.com/aio-libs/aiohttp/pull/3045>`_) Bugfixes -------- - Don't reuse a connection with the same URL but different proxy/TLS settings (`2981 <https://github.com/aio-libs/aiohttp/pull/2981>`_) - When parsing the Forwarded header, the optional port number is now preserved. (`3009 <https://github.com/aio-libs/aiohttp/pull/3009>`_) Improved Documentation ---------------------- - Make Change Log more visible in docs (`3029 <https://github.com/aio-libs/aiohttp/pull/3029>`_) - Make style and grammar improvements on the FAQ page. (`3030 <https://github.com/aio-libs/aiohttp/pull/3030>`_) - Document that signal handlers should be async functions since aiohttp 3.0 (`3032 <https://github.com/aio-libs/aiohttp/pull/3032>`_) Deprecations and Removals ------------------------- - Deprecate custom application's router. (`3021 <https://github.com/aio-libs/aiohttp/pull/3021>`_) Misc ---- - 3008, 3011 ``` </details> <details> <summary>Links</summary> - PyPI: https://pypi.org/project/aiohttp - Changelog: https://pyup.io/changelogs/aiohttp/ - Repo: https://github.com/aio-libs/aiohttp </details>
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a [new issue] for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Long story short
Parser of the
Forwarded
header ignores the port number.Expected behaviour
Parsing the header
Forwarded: for=1.2.3.4:5678
should yield arequest.forwarded
value of({"for": "1.2.3.4:5678"},)
.Actual behaviour
Parsing the header
Forwarded: for=1.2.3.4:5678
gives merequest.forwarded
value of({"for": "1.2.3.4"},)
. That is, it removes the client port number.Your environment
aiohttp 3.2.1 / Python 3.6.5.
The text was updated successfully, but these errors were encountered: