Merge pull request #3494 from Juneezee/docs/forwarded_allow_ips

docs: update forwarded_allow_ips to Markdown
This commit is contained in:
Benoit Chesneau 2026-03-09 13:35:57 +01:00 committed by GitHub
commit 8caf79ec64
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 53 additions and 107 deletions

View File

@ -1404,60 +1404,32 @@ variable. If it is not defined, the default is ``"127.0.0.1,::1"``.
In each case, we have a request from the remote address 134.213.44.18, and the default value of In each case, we have a request from the remote address 134.213.44.18, and the default value of
``secure_scheme_headers``: ``secure_scheme_headers``:
.. code:: ```python
secure_scheme_headers = {
'X-FORWARDED-PROTOCOL': 'ssl',
'X-FORWARDED-PROTO': 'https',
'X-FORWARDED-SSL': 'on'
}
```
secure_scheme_headers = { +---------------------+----------------------------+-----------------------------+-------------------------+
'X-FORWARDED-PROTOCOL': 'ssl', | forwarded-allow-ips | Secure Request Headers | Result | Explanation |
'X-FORWARDED-PROTO': 'https', +=====================+============================+=============================+=========================+
'X-FORWARDED-SSL': 'on' | `"127.0.0.1"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "http"` | IP address was not |
} | | | | allowed |
+---------------------+----------------------------+-----------------------------+-------------------------+
.. list-table:: | | | | IP address allowed, but |
:header-rows: 1 | `"*"` | `<none>` | `wsgi.url_scheme = "http"` | no secure headers |
:align: center | | | | provided |
:widths: auto +---------------------+----------------------------+-----------------------------+-------------------------+
| `"*"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "https"` | IP address allowed, one |
* - ``forwarded-allow-ips`` | | | | request header matched |
- Secure Request Headers +---------------------+----------------------------+-----------------------------+-------------------------+
- Result | | | | IP address allowed, but |
- Explanation | `"134.213.44.18"` | `X-Forwarded-Ssl: on` | `InvalidSchemeHeaders()` | the two secure headers |
* - .. code:: | | `X-Forwarded-Proto: http` | raised | disagreed on if HTTPS |
| | | | was used |
["127.0.0.1"] +---------------------+----------------------------+-----------------------------+-------------------------+
- .. code::
X-Forwarded-Proto: https
- .. code::
wsgi.url_scheme = "http"
- IP address was not allowed
* - .. code::
"*"
- <none>
- .. code::
wsgi.url_scheme = "http"
- IP address allowed, but no secure headers provided
* - .. code::
"*"
- .. code::
X-Forwarded-Proto: https
- .. code::
wsgi.url_scheme = "https"
- IP address allowed, one request header matched
* - .. code::
["134.213.44.18"]
- .. code::
X-Forwarded-Ssl: on
X-Forwarded-Proto: http
- ``InvalidSchemeHeaders()`` raised
- IP address allowed, but the two secure headers disagreed on if HTTPS was used
### `pythonpath` ### `pythonpath`

View File

@ -1346,61 +1346,32 @@ class ForwardedAllowIPS(Setting):
In each case, we have a request from the remote address 134.213.44.18, and the default value of In each case, we have a request from the remote address 134.213.44.18, and the default value of
``secure_scheme_headers``: ``secure_scheme_headers``:
.. code:: ```python
secure_scheme_headers = {
'X-FORWARDED-PROTOCOL': 'ssl',
'X-FORWARDED-PROTO': 'https',
'X-FORWARDED-SSL': 'on'
}
```
secure_scheme_headers = { +---------------------+----------------------------+-----------------------------+-------------------------+
'X-FORWARDED-PROTOCOL': 'ssl', | forwarded-allow-ips | Secure Request Headers | Result | Explanation |
'X-FORWARDED-PROTO': 'https', +=====================+============================+=============================+=========================+
'X-FORWARDED-SSL': 'on' | `"127.0.0.1"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "http"` | IP address was not |
} | | | | allowed |
+---------------------+----------------------------+-----------------------------+-------------------------+
| | | | IP address allowed, but |
.. list-table:: | `"*"` | `<none>` | `wsgi.url_scheme = "http"` | no secure headers |
:header-rows: 1 | | | | provided |
:align: center +---------------------+----------------------------+-----------------------------+-------------------------+
:widths: auto | `"*"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "https"` | IP address allowed, one |
| | | | request header matched |
* - ``forwarded-allow-ips`` +---------------------+----------------------------+-----------------------------+-------------------------+
- Secure Request Headers | | | | IP address allowed, but |
- Result | `"134.213.44.18"` | `X-Forwarded-Ssl: on` | `InvalidSchemeHeaders()` | the two secure headers |
- Explanation | | `X-Forwarded-Proto: http` | raised | disagreed on if HTTPS |
* - .. code:: | | | | was used |
+---------------------+----------------------------+-----------------------------+-------------------------+
["127.0.0.1"]
- .. code::
X-Forwarded-Proto: https
- .. code::
wsgi.url_scheme = "http"
- IP address was not allowed
* - .. code::
"*"
- <none>
- .. code::
wsgi.url_scheme = "http"
- IP address allowed, but no secure headers provided
* - .. code::
"*"
- .. code::
X-Forwarded-Proto: https
- .. code::
wsgi.url_scheme = "https"
- IP address allowed, one request header matched
* - .. code::
["134.213.44.18"]
- .. code::
X-Forwarded-Ssl: on
X-Forwarded-Proto: http
- ``InvalidSchemeHeaders()`` raised
- IP address allowed, but the two secure headers disagreed on if HTTPS was used
""" """

View File

@ -106,6 +106,8 @@ markdown_extensions:
- footnotes - footnotes
- md_in_html - md_in_html
- tables - tables
- markdown_grid_tables:
hard_linebreaks: true
- toc: - toc:
permalink: true permalink: true
- pymdownx.details - pymdownx.details

View File

@ -8,5 +8,6 @@ setuptools>=68.0
mkdocs>=1.6 mkdocs>=1.6
mkdocs-material>=9.5 mkdocs-material>=9.5
mkdocs-gen-files>=0.5 mkdocs-gen-files>=0.5
markdown-grid-tables>=0.6
mkdocs-macros-plugin>=1.0 mkdocs-macros-plugin>=1.0
pymdown-extensions>=10.0 pymdown-extensions>=10.0