[Twisted-web] internal vs. external hostname in Request.getHost9)
Glyph Lefkowitz
glyph at twistedmatrix.com
Tue Mar 21 00:09:33 MDT 2017
> On Mar 20, 2017, at 11:30 AM, Tom Most <tommost at gmail.com> wrote:
>
> If Twisted is to support this in any way, I think that it should be opt-in support for the Forwarded header as specified in RFC 7239. This should be a parameter applicable to all of twisted.web.server rather than per-method call, since it's something the administrator needs to set.
>
I'm generally in agreement with this. Further, we should probably have some notion of authentication, i.e. Site(..., trustForwardedForFrom=[...]), where [...] could be, let's say a twisted.internet.ssl.Certificate representing a client CA to check client connections from, or a list of twisted.internet.address.IPv4Address objects naming servers on a network we can trust. Effectively building in authentication to this layer is important (and since twisted is a web _server_ and not a web framework, more generally possible than e.g. Django).
-glyph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://twistedmatrix.com/pipermail/twisted-web/attachments/20170320/ffbb0032/attachment.html>
More information about the Twisted-web
mailing list