diff --git a/docs/content/reference/settings.md b/docs/content/reference/settings.md index 05fc2f9c..ac45ac9f 100644 --- a/docs/content/reference/settings.md +++ b/docs/content/reference/settings.md @@ -1404,60 +1404,32 @@ variable. If it is not defined, the default is ``"127.0.0.1,::1"``. In each case, we have a request from the remote address 134.213.44.18, and the default value of ``secure_scheme_headers``: - .. code:: + ```python + secure_scheme_headers = { + 'X-FORWARDED-PROTOCOL': 'ssl', + 'X-FORWARDED-PROTO': 'https', + 'X-FORWARDED-SSL': 'on' + } + ``` - secure_scheme_headers = { - 'X-FORWARDED-PROTOCOL': 'ssl', - 'X-FORWARDED-PROTO': 'https', - 'X-FORWARDED-SSL': 'on' - } - - .. list-table:: - :header-rows: 1 - :align: center - :widths: auto - - * - ``forwarded-allow-ips`` - - Secure Request Headers - - Result - - Explanation - * - .. code:: - - ["127.0.0.1"] - - .. code:: - - X-Forwarded-Proto: https - - .. code:: - - wsgi.url_scheme = "http" - - IP address was not allowed - * - .. code:: - - "*" - - - - .. code:: - - wsgi.url_scheme = "http" - - IP address allowed, but no secure headers provided - * - .. code:: - - "*" - - .. code:: - - X-Forwarded-Proto: https - - .. code:: - - wsgi.url_scheme = "https" - - IP address allowed, one request header matched - * - .. code:: - - ["134.213.44.18"] - - .. code:: - - X-Forwarded-Ssl: on - X-Forwarded-Proto: http - - ``InvalidSchemeHeaders()`` raised - - IP address allowed, but the two secure headers disagreed on if HTTPS was used + +---------------------+----------------------------+-----------------------------+-------------------------+ + | forwarded-allow-ips | Secure Request Headers | Result | Explanation | + +=====================+============================+=============================+=========================+ + | `"127.0.0.1"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "http"` | IP address was not | + | | | | allowed | + +---------------------+----------------------------+-----------------------------+-------------------------+ + | | | | IP address allowed, but | + | `"*"` | `` | `wsgi.url_scheme = "http"` | no secure headers | + | | | | provided | + +---------------------+----------------------------+-----------------------------+-------------------------+ + | `"*"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "https"` | IP address allowed, one | + | | | | request header matched | + +---------------------+----------------------------+-----------------------------+-------------------------+ + | | | | IP address allowed, but | + | `"134.213.44.18"` | `X-Forwarded-Ssl: on` | `InvalidSchemeHeaders()` | the two secure headers | + | | `X-Forwarded-Proto: http` | raised | disagreed on if HTTPS | + | | | | was used | + +---------------------+----------------------------+-----------------------------+-------------------------+ ### `pythonpath` diff --git a/gunicorn/config.py b/gunicorn/config.py index 01834be8..22ebaf4d 100644 --- a/gunicorn/config.py +++ b/gunicorn/config.py @@ -1346,61 +1346,32 @@ class ForwardedAllowIPS(Setting): In each case, we have a request from the remote address 134.213.44.18, and the default value of ``secure_scheme_headers``: - .. code:: + ```python + secure_scheme_headers = { + 'X-FORWARDED-PROTOCOL': 'ssl', + 'X-FORWARDED-PROTO': 'https', + 'X-FORWARDED-SSL': 'on' + } + ``` - secure_scheme_headers = { - 'X-FORWARDED-PROTOCOL': 'ssl', - 'X-FORWARDED-PROTO': 'https', - 'X-FORWARDED-SSL': 'on' - } - - - .. list-table:: - :header-rows: 1 - :align: center - :widths: auto - - * - ``forwarded-allow-ips`` - - Secure Request Headers - - Result - - Explanation - * - .. code:: - - ["127.0.0.1"] - - .. code:: - - X-Forwarded-Proto: https - - .. code:: - - wsgi.url_scheme = "http" - - IP address was not allowed - * - .. code:: - - "*" - - - - .. code:: - - wsgi.url_scheme = "http" - - IP address allowed, but no secure headers provided - * - .. code:: - - "*" - - .. code:: - - X-Forwarded-Proto: https - - .. code:: - - wsgi.url_scheme = "https" - - IP address allowed, one request header matched - * - .. code:: - - ["134.213.44.18"] - - .. code:: - - X-Forwarded-Ssl: on - X-Forwarded-Proto: http - - ``InvalidSchemeHeaders()`` raised - - IP address allowed, but the two secure headers disagreed on if HTTPS was used + +---------------------+----------------------------+-----------------------------+-------------------------+ + | forwarded-allow-ips | Secure Request Headers | Result | Explanation | + +=====================+============================+=============================+=========================+ + | `"127.0.0.1"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "http"` | IP address was not | + | | | | allowed | + +---------------------+----------------------------+-----------------------------+-------------------------+ + | | | | IP address allowed, but | + | `"*"` | `` | `wsgi.url_scheme = "http"` | no secure headers | + | | | | provided | + +---------------------+----------------------------+-----------------------------+-------------------------+ + | `"*"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "https"` | IP address allowed, one | + | | | | request header matched | + +---------------------+----------------------------+-----------------------------+-------------------------+ + | | | | IP address allowed, but | + | `"134.213.44.18"` | `X-Forwarded-Ssl: on` | `InvalidSchemeHeaders()` | the two secure headers | + | | `X-Forwarded-Proto: http` | raised | disagreed on if HTTPS | + | | | | was used | + +---------------------+----------------------------+-----------------------------+-------------------------+ """ diff --git a/mkdocs.yml b/mkdocs.yml index f1c935f4..ed722443 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -106,6 +106,8 @@ markdown_extensions: - footnotes - md_in_html - tables + - markdown_grid_tables: + hard_linebreaks: true - toc: permalink: true - pymdownx.details diff --git a/requirements_dev.txt b/requirements_dev.txt index 40b6dae6..438b8084 100644 --- a/requirements_dev.txt +++ b/requirements_dev.txt @@ -8,5 +8,6 @@ setuptools>=68.0 mkdocs>=1.6 mkdocs-material>=9.5 mkdocs-gen-files>=0.5 +markdown-grid-tables>=0.6 mkdocs-macros-plugin>=1.0 pymdown-extensions>=10.0