Update config.py

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Eng Zer Jun 2026-02-11 05:40:34 +08:00
parent fb698ef0f7
commit cc974da87e
No known key found for this signature in database
GPG Key ID: DAEBBD2E34C111E6


@ -1346,61 +1346,20 @@ class ForwardedAllowIPS(Setting):
In each case, we have a request from the remote address 134.213.44.18, and the default value of
``secure_scheme_headers``:
.. code::
```python
secure_scheme_headers = {
'X-FORWARDED-PROTOCOL': 'ssl',
'X-FORWARDED-PROTO': 'https',
'X-FORWARDED-SSL': 'on'
}
```
secure_scheme_headers = {
'X-FORWARDED-PROTOCOL': 'ssl',
'X-FORWARDED-PROTO': 'https',
'X-FORWARDED-SSL': 'on'
}
.. list-table::
:header-rows: 1
:align: center
:widths: auto
* - ``forwarded-allow-ips``
- Secure Request Headers
- Result
- Explanation
* - .. code::
["127.0.0.1"]
- .. code::
X-Forwarded-Proto: https
- .. code::
wsgi.url_scheme = "http"
- IP address was not allowed
* - .. code::
"*"
- <none>
- .. code::
wsgi.url_scheme = "http"
- IP address allowed, but no secure headers provided
* - .. code::
"*"
- .. code::
X-Forwarded-Proto: https
- .. code::
wsgi.url_scheme = "https"
- IP address allowed, one request header matched
* - .. code::
["134.213.44.18"]
- .. code::
X-Forwarded-Ssl: on
X-Forwarded-Proto: http
- ``InvalidSchemeHeaders()`` raised
- IP address allowed, but the two secure headers disagreed on if HTTPS was used
| forwarded-allow-ips | Secure Request Headers | Result | Explanation |
| ------------------- | -------------------------------------------------- | ------------------------------- | ----------------------------------------------------------------------------- |
| `"127.0.0.1"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "http"` | IP address was not allowed |
| `"*"` | `<none>` | `wsgi.url_scheme = "http"` | IP address allowed, but no secure headers provided |
| `"*"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "https"` | IP address allowed, one request header matched |
| `"134.213.44.18"` | `X-Forwarded-Ssl: on`<br>`X-Forwarded-Proto: http` | `InvalidSchemeHeaders()` raised | IP address allowed, but the two secure headers disagreed on if HTTPS was used |
"""
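Review bot: The first and last table rows change the documented `forwarded-allow-ips` value, not only its markup: `["127.0.0.1"]` and `["134.213.44.18"]` in the old list-table become `"127.0.0.1"` and `"134.213.44.18"` in the new pipe table, so the list brackets are gone. If that is intentional, say so in the commit message ("Update config.py" gives no reason); if not, keep the brackets so the examples still show the value in the same form as before. Separately, the unchanged context line still uses an RST inline literal for ``secure_scheme_headers`` while the replacement uses a Markdown fence, a pipe table and a raw `<br>` inside a cell, so please confirm that whatever renders this docstring handles Markdown and inline HTML. This table is where readers learn when a forwarded scheme header is trusted, and a broken render of the `InvalidSchemeHeaders()` row would hide the one case where conflicting headers are rejected.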