| 1 | | This has implications for `Request.getHost` etc. |
| | 1 | This should work vaguely the same way that `twisted.web.vhost.VHostMonsterResource` works. |
| | 2 | |
| | 3 | - `Request.getHost()` should return the forwarded-for host rather than the `Host:`. |
| | 4 | - `Request.isSecure` should return the security of the [http://tools.ietf.org/html/draft-petersson-forwarded-for-02#section-5.4 proto] parameter |
| | 5 | |
| | 6 | Like `VHostMonster`, there should be some configuration required to get into this mode. One mechanism for doing that would be to have a `ForwardedForParserResource`; however, since the connecting address is quite important, it may also be reasonable to build this directly into `Site`. Trusting random forwarded-for headers off the internet would not be good, so it should be easy to specify what the address of the expected terminating proxy is. |
| | 7 | |
| | 8 | Also, forwarded-for is a bit more expressive than the vhostmonster idiom in that it can describe multiple hops. This additional information should be exposed through an explicit API - perhaps a new `forwardedFor` method on Resource that returns an iterable of objects describing the hosts that it was forwarded through. |
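A sketch of the trust rule described above, added here as an example and not taken from Twisted: the header is honoured only when the connecting peer is the configured terminating proxy, and every hop is still exposed. It assumes the `Forwarded` syntax of RFC 7239 (the published form of the linked draft) and a proxy that appends its own element last; `TRUSTED_PROXIES`, `Hop`, `parse_forwarded` and `effective_request_info` are hypothetical names.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample configuration: address of the expected terminating proxy.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


class Hop(NamedTuple):
    for_: Optional[str]   # client the proxy received the request from
    by: Optional[str]     # interface the proxy received it on
    host: Optional[str]   # Host header as seen by the proxy
    proto: Optional[str]  # "http" or "https" as seen by the proxy


def parse_forwarded(value: str) -> List[Hop]:
    """Parse a Forwarded header value into hops, earliest hop first.

    Simplification: quoted values are assumed to contain no ',' or ';'
    (true for quoted IPv6 node names such as "[2001:db8::1]:4711").
    """
    hops = []
    for element in value.split(","):
        params = {}
        for pair in element.split(";"):
            name, sep, val = pair.strip().partition("=")
            if sep:
                params[name.lower()] = val.strip().strip('"')
        hops.append(Hop(params.get("for"), params.get("by"),
                        params.get("host"), params.get("proto")))
    return hops


def effective_request_info(peer_ip: str, host_header: str, tls_on_socket: bool,
                           forwarded: Optional[str]) -> Tuple[str, bool, List[Hop]]:
    """Return (host, is_secure, hops) for a request.

    The header is ignored unless the TCP peer is a trusted proxy, so a
    client connecting directly cannot spoof its host or scheme.
    """
    if forwarded is None or ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        return host_header, tls_on_socket, []
    hops = parse_forwarded(forwarded)
    # Only the last element was written by the trusted proxy; earlier
    # elements may be client-supplied and are informational only.
    last = hops[-1]
    host = last.host or host_header
    secure = last.proto.lower() == "https" if last.proto else tls_on_socket
    return host, secure, hops
```

Earlier hops are returned for logging or display but never drive the host or scheme decision, since anything before the trusted proxy's own element can be forged by the client.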