From cc974da87ebb5604e3185be5196baf59ec2c40cb Mon Sep 17 00:00:00 2001 From: Eng Zer Jun Date: Wed, 11 Feb 2026 05:40:34 +0800 Subject: [PATCH] Update config.py Signed-off-by: Eng Zer Jun --- gunicorn/config.py | 67 +++++++++------------------------------------- 1 file changed, 13 insertions(+), 54 deletions(-) diff --git a/gunicorn/config.py b/gunicorn/config.py index c391ae41..8a8c4b32 100644 --- a/gunicorn/config.py +++ b/gunicorn/config.py @@ -1346,61 +1346,20 @@ class ForwardedAllowIPS(Setting): In each case, we have a request from the remote address 134.213.44.18, and the default value of ``secure_scheme_headers``: - .. code:: + ```python + secure_scheme_headers = { + 'X-FORWARDED-PROTOCOL': 'ssl', + 'X-FORWARDED-PROTO': 'https', + 'X-FORWARDED-SSL': 'on' + } + ``` - secure_scheme_headers = { - 'X-FORWARDED-PROTOCOL': 'ssl', - 'X-FORWARDED-PROTO': 'https', - 'X-FORWARDED-SSL': 'on' - } - - - .. list-table:: - :header-rows: 1 - :align: center - :widths: auto - - * - ``forwarded-allow-ips`` - - Secure Request Headers - - Result - - Explanation - * - .. code:: - - ["127.0.0.1"] - - .. code:: - - X-Forwarded-Proto: https - - .. code:: - - wsgi.url_scheme = "http" - - IP address was not allowed - * - .. code:: - - "*" - - - - .. code:: - - wsgi.url_scheme = "http" - - IP address allowed, but no secure headers provided - * - .. code:: - - "*" - - .. code:: - - X-Forwarded-Proto: https - - .. code:: - - wsgi.url_scheme = "https" - - IP address allowed, one request header matched - * - .. code:: - - ["134.213.44.18"] - - .. code:: - - X-Forwarded-Ssl: on - X-Forwarded-Proto: http - - ``InvalidSchemeHeaders()`` raised - - IP address allowed, but the two secure headers disagreed on if HTTPS was used + | forwarded-allow-ips | Secure Request Headers | Result | Explanation | + | ------------------- | -------------------------------------------------- | ------------------------------- | ----------------------------------------------------------------------------- | + | `"127.0.0.1"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "http"` | IP address was not allowed | + | `"*"` | `` | `wsgi.url_scheme = "http"` | IP address allowed, but no secure headers provided | + | `"*"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "https"` | IP address allowed, one request header matched | + | `"134.213.44.18"` | `X-Forwarded-Ssl: on`
`X-Forwarded-Proto: http` | `InvalidSchemeHeaders()` raised | IP address allowed, but the two secure headers disagreed on if HTTPS was used | """