From 6a8ebcca1a9192fa1796cce5f736b6b1108b8194 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Fri, 24 Feb 2023 10:28:22 +0100
Subject: [PATCH] Add support for X-Forwarded-Host
---
 doc/admin/config.rst | 5 +++++
 src/pretix/settings.py | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/doc/admin/config.rst b/doc/admin/config.rst
index 6f380103d..b34dbe1dc 100644
--- a/doc/admin/config.rst
+++ b/doc/admin/config.rst
@@ -106,6 +106,11 @@ Example::
 proxy that actively removes and re-adds the header to make sure the correct value is set.
 Defaults to ``off``.
+``trust_x_forwarded_host``
+ Specifies whether the ``X-Forwarded-Host`` header can be trusted. Only set to ``on`` if you have a reverse
+ proxy that actively removes and re-adds the header to make sure the correct value is set.
+ Defaults to ``off``.
+
 ``csp_log``
 Log violations of the Content Security Policy (CSP). Defaults to ``on``.
diff --git a/src/pretix/settings.py b/src/pretix/settings.py
index 2709abbcc..c4025d56b 100644
--- a/src/pretix/settings.py
+++ b/src/pretix/settings.py
@@ -178,6 +178,8 @@ if SITE_URL.endswith('/'):
 CSRF_TRUSTED_ORIGINS = [urlparse(SITE_URL).hostname]
 TRUST_X_FORWARDED_FOR = config.get('pretix', 'trust_x_forwarded_for', fallback=False)
+USE_X_FORWARDED_HOST = config.get('pretix', 'trust_x_forwarded_host', fallback=False)
+
 REQUEST_ID_HEADER = config.get('pretix', 'request_id_header', fallback=False)
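Review bot: The added `USE_X_FORWARDED_HOST` line in src/pretix/settings.py reads the option with `config.get(...)`, which, assuming `config` follows the configparser API, returns the raw string whenever the option is present. An operator who writes `trust_x_forwarded_host=off`, the value the new documentation names, would then get the truthy string `'off'`, and Django's `request.get_host()` would accept a client-supplied `X-Forwarded-Host` anyway. Parsing the value as a boolean closes that gap: `USE_X_FORWARDED_HOST = config.getboolean('pretix', 'trust_x_forwarded_host', fallback=False)`. The context line for `TRUST_X_FORWARDED_FOR` directly above uses the same `config.get` pattern and appears to share the problem. A comment such as `# Only enable behind a proxy that overwrites X-Forwarded-Host` beside the setting would carry the documented caveat into the code.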