prepare_django_request should use request.get_host()

zibasec / django-saml2-pro-auth

SAML2 authentication backend for Django wrapping OneLogin's python-saml package https://github.com/onelogin/python3-saml

MIT License

30 stars 28 forks source link

prepare_django_request should use request.get_host() #30

Closed tecknicaltom closed 6 years ago

tecknicaltom commented 6 years ago

Instead of using request.META['HTTP_HOST'], prepare_django_request should use request.get_host() so that it works properly for app servers behind a proxy. In this configuration, Django should be configured with USE_X_FORWARDED_HOST so that request.get_host() uses the value from the X-FORWARDED-HOST header instead of Host.

juliedavila commented 6 years ago

I'm up for a pull request! On Thu, Sep 27, 2018 at 3:02 PM Tom Samstag notifications@github.com wrote:

Instead of using request.META['HTTP_HOST'], prepare_django_request should use request.get_host() so that it works properly for app servers behind a proxy. In this configuration, Django should be configured with USE_X_FORWARDED_HOST so that request.get_host() uses the value from the X-FORWARDED-HOST header instead of Host.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/MindPointGroup/django-saml2-pro-auth/issues/30, or mute the thread https://github.com/notifications/unsubscribe-auth/AEcrYnJ4vGHpdbKmiv7Fvw1LFLkn64jwks5ufSDUgaJpZM4W9RYV .

juliedavila commented 6 years ago

addressed in version 0.0.10