Skip to content

Commit cfc1621

Browse files
author
Lukas Holecek
committed
Replace custom reverse proxy middleware with werkzeug ProxyFix
The custom middleware duplicated the Host header behind multi-layer proxies, which werkzeug 3.1.7+ rejects with a 400 error. Fixes #366 JIRA: RHELWF-14040 Assisted-by: Claude Code (claude-opus-4-6)
1 parent b35b55c commit cfc1621

3 files changed

Lines changed: 19 additions & 63 deletions

File tree

resultsdb/__init__.py

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -34,14 +34,14 @@
3434
)
3535
from flask_pyoidc.user_session import UserSession
3636
from flask_session import Session
37+
from werkzeug.middleware.proxy_fix import ProxyFix
3738

3839
from resultsdb.controllers.api_v2 import api as api_v2
3940
from resultsdb.controllers.api_v3 import api as api_v3
4041
from resultsdb.controllers.api_v3 import create_endpoints
4142
from resultsdb.controllers.main import main
4243
from resultsdb.messaging import load_messaging_plugin
4344
from resultsdb.models import db
44-
from resultsdb.proxy import ReverseProxied
4545
from resultsdb.tracing import setup_tracing
4646

4747
from . import config
@@ -56,8 +56,7 @@ def create_app(config_obj=None):
5656
app = Flask(__name__)
5757
app.secret_key = "replace-me-with-something-random" # nosec # NOSONAR
5858

59-
# make sure app behaves when behind a proxy
60-
app.wsgi_app = ReverseProxied(app.wsgi_app)
59+
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)
6160

6261
# Expose the __version__ variable in templates
6362
app.jinja_env.globals["app_version"] = __version__

resultsdb/proxy.py

Lines changed: 0 additions & 60 deletions
This file was deleted.

tests/test_app.py

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,27 @@
11
from unittest.mock import Mock
22

33
from pytest import raises
4+
from werkzeug.test import EnvironBuilder
45

56
from resultsdb import setup_messaging
67

78

9+
def test_proxy_fix_extracts_single_host(app):
10+
"""Regression test for https://github.com/release-engineering/resultsdb/issues/366"""
11+
builder = EnvironBuilder(method="GET", path="/api/v2.0/")
12+
env = builder.get_environ()
13+
env["HTTP_X_FORWARDED_HOST"] = "resultsdb.example.com, resultsdb.example.com"
14+
15+
responses = []
16+
app.wsgi_app(env, lambda status, headers: responses.append(status))
17+
18+
assert responses
19+
assert not responses[0].startswith("400"), (
20+
f"Duplicate X-Forwarded-Host should not cause 400, got: {responses[0]}"
21+
)
22+
assert env["HTTP_HOST"] == "resultsdb.example.com"
23+
24+
825
def test_app_messaging(app):
926
assert app.messaging_plugin is not None
1027
assert type(app.messaging_plugin).__name__ == "DummyPlugin"

0 commit comments

Comments
 (0)