fix(request): prevent IndexError from broken Forwarded header

[TBoshoven]

Summary of Changes

Fix a wrongful assumption where forwarded_scheme and forwarded_host assume that if a Forwarded header is present, it is valid. When a Forwarded header cannot be parsed properly (or is plain empty), an empty list is returned by forwarded. This resulted in an IndexError in forwarded_scheme and forwarded_host. This PR changes that to use the existing fallback logic instead.

While we could fall back on checking other headers (X-Forwarded-For and such) I think that if the Forwarded header is present but doesn't contain any relevant or correct entries, we can simply assume that there are none. Please let me know if you have a different opinion.

Related Issues

N/A

Pull Request Checklist

This is just a reminder about the most common mistakes. Please make sure that you tick all appropriate boxes. But please read our contribution guide at least once; it will save you a few review cycles!

If an item doesn't apply to your pull request, check it anyway to make it apparent that there's nothing to do.

• [X] Applied changes to both WSGI and ASGI code paths and interfaces (where applicable).
• [X] Added tests for changed code.
• [X] Prefixed code comments with GitHub nick and an appropriate prefix.
• [X] Coding style is consistent with the rest of the framework.
• [X] Updated documentation for changed code.
  • [X] Added docstrings for any new classes, functions, or modules.
  • [X] Updated docstrings for any modifications to existing code.
  • [X] Updated both WSGI and ASGI docs (where applicable).
  • [X] Added references to new classes, functions, or modules to the relevant RST file under docs/.
  • [X] Updated all relevant supporting documentation files under docs/.
  • [X] A copyright notice is included at the top of any new modules (using your own name or the name of your organization).
  • [X] Changed/added classes/methods/functions have appropriate versionadded, versionchanged, or deprecated directives.
• [x] Changes (and possible deprecations) have towncrier news fragments under docs/_newsfragments/, with the file name format {issue_number}.{fragment_type}.rst. (Run towncrier --draft to ensure it renders correctly.)

[CaselIT]

Hi,

Thanks for the contribution. Does this case happen with a particular environment or server?

[codecov[bot]]

Codecov Report

Merging #2043 (8d94723) into master (130572d) will not change coverage. The diff coverage is 100.00%.

@@            Coverage Diff            @@
##            master     #2043   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           63        63           
  Lines         6707      6715    +8     
  Branches      1238      1242    +4     
=========================================
+ Hits          6707      6715    +8     

Impacted Files	Coverage Δ
falcon/asgi/request.py	100.00% <100.00%> (ø)
falcon/request.py	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 130572d...8d94723. Read the comment docs.

[TBoshoven]

Does this case happen with a particular environment or server?

Not that I found. It's a generic issue when encountering a malformed request header. We came across this by accident by directly hitting a Falcon server.

[TBoshoven]

Ah, I mistakenly created a markdown file instead of a restructuredtext one. Will fix :+1:

[TBoshoven]

Sorry for taking a while. Merged master into this branch.

[kgriffs]

Thanks @TBoshoven !