[Zope-dev] Apache rewrite - HTTP_Host redirect issue
Wichert Akkerman
wichert at wiggy.net
Wed Sep 16 02:37:10 EDT 2009
On 2009-9-16 01:15, Roger Ineichen wrote:
> Hi Dan
>
> I have an issue with the latest changes in
> zope.publisher.http.py
>
> The redirect method in HTTPResponse http.py line: 880
> forces a ValueError. Because the Apache HTTP_HOST
> and the target_host to not compare.
>
> def redirect(self, location, status=None, trusted=False):
> location = str(location)
> if not trusted:
> scheme, target_host, path, query, fragment = (
> urlparse.urlsplit(location))
> if target_host and target_host != self._request.get('HTTP_HOST'):
> raise ValueError(
> "Untrusted redirect to host %r not allowed." % target_host)
>
> Apache uses<DOMAIN> in HTTP_HOST like expected
> and the method used with urlparse.urlsplit(location)
> returns<DOMAIN:PORT> as target_host value.
I suspect Apache does use DOMAIN:PORT if the port is a non-standard
port, ie http over anything other than port 80 or https over something
other than port 443.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Zope-Dev
mailing list