External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-06-21 22:57:48 -02:30
Code Issues Packages Projects Releases Wiki Activity

Trust proxy headers for host provision callback

Browse Source 
* Do not remove special header list if request is from a trusted proxy.
* Continue to remove headers if request if from a non-trusted proxy.
This commit is contained in:
Chris Meyers
2024-06-07 15:47:20 -04:00
committed by Chris Meyers
parent d5bad1a533
commit 2c8eef413b
2 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
awx/api/views/__init__.py
View File

@@ -61,6 +61,7 @@ import pytz
from wsgiref.util import FileWrapper
# django-ansible-base
from ansible_base.lib.utils.requests import get_remote_hosts
from ansible_base.rbac.models import RoleEvaluation, ObjectRole
from ansible_base.resource_registry.shared_types import OrganizationType, TeamType, UserType
@@ -2770,12 +2771,8 @@ class JobTemplateCallback(GenericAPIView):
host for the current request.
"""
# Find the list of remote host names/IPs to check.
remote_hosts = set()
for header in settings.REMOTE_HOST_HEADERS:
for value in self.request.META.get(header, '').split(','):
value = value.strip()
if value:
remote_hosts.add(value)
remote_hosts = set(get_remote_hosts(self.request))
# Add the reverse lookup of IP addresses.
for rh in list(remote_hosts):
try: