sanic 23 `FORWARDED_SECRET` value with `-` or `_` behaves weirdly

Open yurenchen000 opened this issue 4 weeks ago • 2 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues

Describe the bug

| | `app.config.FORWARDED_SECRET='chen-secret'` | `FORWARDED_SECRET='chen_secret'` |
|---|---|---|
| `curl -H 'forwarded: secret=chen-secret'` | fail | work |
| `curl -H 'forwarded: secret=chen_secret'` | work | fail |

Its behavior is weird.

Code snippet

https://sanic.dev/en/guide/advanced/proxy-headers.html#forwarded-header

```python
# test fwd
from sanic import Sanic
from sanic.response import json

# sanic app
app = Sanic(__name__)

## tested on sanic 23.12.1, 23.3.0

### FORWARDED_SECRET behavior weird
# app.config.FORWARDED_SECRET = 'chen-secret'  ## WARN: need client 'chen_secret'
app.config.FORWARDED_SECRET = 'chen_secret'  ## WARN: need client 'chen-secret'

### REAL_IP_HEADER behavior as expected
app.config.REAL_IP_HEADER = 'chen-realip'
# app.config.REAL_IP_HEADER = 'chen_realip'
app.config.PROXIES_COUNT = 1

print('--config_fwd_secret:', app.config.FORWARDED_SECRET)

@app.route("/fwd")
async def forwarded(request):
    return json(
        {
            "remote_addr": request.remote_addr,
            "scheme": request.scheme,
            "server_name": request.server_name,
            "server_port": request.server_port,
            "forwarded": request.forwarded,
            "config_fwd_secret": app.config.FORWARDED_SECRET,
        }
    )

'''
test1:
  curl -s localhost:8080/fwd -H 'forwarded: secret=chen-secret' -H 'chen-realip: 123.45.6.7'
test2:
  curl -s localhost:8080/fwd -H 'forwarded: secret=chen_secret' -H 'chen-realip: 123.45.6.7'
'''
```

Expected Behavior

Maybe the client and server use the same value?

```console
$ curl -s localhost:8080/fwd -H 'forwarded: secret=chen_secret' -H 'chen-realip: 123.45.6.7' | jq
{
  "remote_addr": "123.45.6.7",
  "scheme": "http",
  "server_name": "localhost",
  "server_port": 8080,
  "forwarded": {
    "for": "123.45.6.7"
  },
  "config_fwd_secret": "chen_secret"
}

$ curl -s localhost:8080/fwd -H 'forwarded: secret=chen-secret' -H 'chen-realip: 123.45.6.7' | jq
{
  "remote_addr": "123.45.6.7",
  "scheme": "http",
  "server_name": "localhost",
  "server_port": 8080,
  "forwarded": {
    "for": "123.45.6.7"
  },
  "config_fwd_secret": "chen-secret"
}
```

How do you run Sanic?

Sanic CLI

Operating System

Linux

Sanic Version

23.12.1, 23.3.0

Additional context

//test result:

run server

```console
$ ~/.local/bin/sanic test_fwd --port 8080
```

client test

```console
$ curl -s localhost:8080/fwd -H 'forwarded: secret=chen_secret' -H 'chen-realip: 123.45.6.7' | jq
{
  "remote_addr": "",
  "scheme": "http",
  "server_name": "localhost",
  "server_port": 8080,
  "forwarded": {
    "secret": "chen_secret"
  },
  "config_fwd_secret": "chen_secret"
}

$ curl -s localhost:8080/fwd -H 'forwarded: secret=chen-secret' -H 'chen-realip: 123.45.6.7' | jq
{
  "remote_addr": "123.45.6.7",
  "scheme": "http",
  "server_name": "localhost",
  "server_port": 8080,
  "forwarded": {
    "for": "123.45.6.7"
  },
  "config_fwd_secret": "chen_secret"
}
```

yurenchen000, Jun 08 '24 12:06