You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adding a host name starting with . to wrappers.BaseRequest.trusted_hosts results in TypeError: must be str, not bytes (Python 3.6) or TypeError: Can't convert 'bytes' object to str implicitly (Python 3.4), as in werkzeug.wsgi.host_is_trusted, _normalize first calls _encode_idna, which encodes the ref to bytes and then if it start with '.', it is concatenated with the '.', thus mixing str and bytes.
Sample App
fromflaskimportFlask, requestclassTrustedHosts:
"""Flask extension setting `werkzeug.wrappers.BaseRequest.trusted_hosts`."""def__init__(self, app=None, trusted_hosts=None):
self.app=appself.trusted_hosts=trusted_hostsifappisnotNone:
self.init_app(app)
definit_app(self, app):
app.before_request(self.set_trusted_hosts)
defset_trusted_hosts(self):
# As host is a @cached_property this should before its first access.request.trusted_hosts=self.trusted_hostsprint(request.host)
app=Flask(__name__)
TrustedHosts(app, trusted_hosts=['.example.com'])
@app.route('/')defindex():
return'OK'
Full Stack Trace
Traceback (most recent call last):
File "c:\program files\python36\lib\site-packages\flask\app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "c:\program files\python36\lib\site-packages\flask\app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "c:\program files\python36\lib\site-packages\flask\app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "c:\program files\python36\lib\site-packages\flask\_compat.py", line 33, in reraise
raise value
File "c:\program files\python36\lib\site-packages\flask\app.py", line 1610, in full_dispatch_request
rv = self.preprocess_request()
File "c:\program files\python36\lib\site-packages\flask\app.py", line 1831, in preprocess_request
rv = func()
File "D:\Dropbox\p\kb\python\web\flask\trusted_hosts.py", line 17, in set_trusted_hosts
print(request.host)
File "c:\program files\python36\lib\site-packages\werkzeug\local.py", line 347, in __getattr__
return getattr(self._get_current_object(), name)
File "c:\program files\python36\lib\site-packages\werkzeug\utils.py", line 73, in __get__
value = self.func(obj)
File "c:\program files\python36\lib\site-packages\werkzeug\wrappers.py", line 635, in host
return get_host(self.environ, trusted_hosts=self.trusted_hosts)
File "c:\program files\python36\lib\site-packages\werkzeug\wsgi.py", line 160, in get_host
if not host_is_trusted(rv, trusted_hosts):
File "c:\program files\python36\lib\site-packages\werkzeug\wsgi.py", line 132, in host_is_trusted
if suffix_match and hostname.endswith('.' + ref):
TypeError: must be str, not bytes
127.0.0.1 - - [11/Dec/2017 17:11:18] "GET / HTTP/1.1" 500 -
The text was updated successfully, but these errors were encountered:
Adding a host name starting with
.
towrappers.BaseRequest.trusted_hosts
results inTypeError: must be str, not bytes
(Python 3.6) orTypeError: Can't convert 'bytes' object to str implicitly
(Python 3.4), as inwerkzeug.wsgi.host_is_trusted
,_normalize
first calls_encode_idna
, which encodes theref
tobytes
and then if it start with '.', it is concatenated with the'.'
, thus mixingstr
andbytes
.Sample App
Full Stack Trace
The text was updated successfully, but these errors were encountered: