Closed jugmac00 closed 4 years ago
From waitress 1.4.4 code:

    # Should waitress clear any proxy headers that are not deemed trusted from
    # the environ? Change to True by default in 2.x
    clear_untrusted_proxy_headers = _bool_marker
    ...
    if self.clear_untrusted_proxy_headers is _bool_marker:
        warnings.warn(
            "In future versions of Waitress clear_untrusted_proxy_headers will be "
            "set to True by default. You may opt-out by setting this value to "
            "False, or opt-in explicitly by setting this to True.",
            DeprecationWarning,
        )
        self.clear_untrusted_proxy_headers = False

To me it seems good to set clear_untrusted_proxy_headers = true in the [server:main] section in wsgi.ini.
Possibly make this configurable in the recipe.
BTW, the untrusted headers are mostly a few X_FORWARDED headers, but there is code in that same file to make this more dynamic.
Fixed with PR #154.
When I run my Zope app's testsuite, I get the following warning.
I use plone.recipe.zope2instance so I assume there should be a setting for clear_untrusted_proxy_headers, too? Thanks!
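
An added example, not code from waitress or from anyone in this thread: a simplified model of what clearing untrusted proxy headers does to the WSGI environ, and why the 1.4.4 fallback to False leaves a spoofable value in place. The function names, the header set and the sample requests are assumptions made for illustration; real waitress also rewrites REMOTE_ADDR from trusted headers, which this model leaves out.

```python
# Simplified model of the setting discussed above; NOT waitress's own code.
# Assumed set of proxy headers, written as WSGI environ keys.
PROXY_HEADERS = frozenset({
    "HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED_HOST", "HTTP_X_FORWARDED_PROTO",
    "HTTP_X_FORWARDED_PORT", "HTTP_X_FORWARDED_BY", "HTTP_FORWARDED",
})


def filter_proxy_headers(environ, peer_addr, trusted_proxy, trusted_headers,
                         clear_untrusted):
    """Return a copy of environ, dropping untrusted proxy headers if asked.

    A proxy header is trusted only when the TCP peer is the configured
    trusted proxy AND the header is listed in trusted_headers.
    """
    if trusted_proxy is not None and peer_addr == trusted_proxy:
        untrusted = PROXY_HEADERS - frozenset(trusted_headers)
    else:
        untrusted = PROXY_HEADERS  # peer is not our proxy: trust nothing
    if not clear_untrusted:
        return dict(environ)  # the 1.4.4 fallback: headers pass through
    return {k: v for k, v in environ.items() if k not in untrusted}


def client_ip_naive(environ):
    """Hypothetical app logic that believes X-Forwarded-For when present."""
    xff = environ.get("HTTP_X_FORWARDED_FOR")
    return xff.split(",")[0].strip() if xff else environ["REMOTE_ADDR"]


# Constructed sample: a client connects directly and supplies its own header.
DIRECT = {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": "198.51.100.9"}
# Constructed sample: request relayed by the trusted proxy on 127.0.0.1.
PROXIED = {"REMOTE_ADDR": "127.0.0.1", "HTTP_X_FORWARDED_FOR": "203.0.113.7",
           "HTTP_X_FORWARDED_HOST": "internal.example"}
TRUSTED = {"HTTP_X_FORWARDED_FOR"}

if __name__ == "__main__":
    for clear in (False, True):
        env = filter_proxy_headers(DIRECT, "203.0.113.7", "127.0.0.1",
                                   TRUSTED, clear)
        print("clear_untrusted =", clear, "-> app sees", client_ip_naive(env))
    print(filter_proxy_headers(PROXIED, "127.0.0.1", "127.0.0.1", TRUSTED, True))
```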