Don't overwrite environment variables
The original PATH_INFO is required for redirects.
This commit is contained in:
parent
ded660df07
commit
0cb6642ec3
@ -362,31 +362,28 @@ class Application:
|
|||||||
time_begin = datetime.datetime.now()
|
time_begin = datetime.datetime.now()
|
||||||
self.logger.info(
|
self.logger.info(
|
||||||
"%s request for %r%s received from %s%s",
|
"%s request for %r%s received from %s%s",
|
||||||
environ["REQUEST_METHOD"], environ["PATH_INFO"], depthinfo,
|
environ["REQUEST_METHOD"], environ.get("PATH_INFO", ""), depthinfo,
|
||||||
remote_host, remote_useragent)
|
remote_host, remote_useragent)
|
||||||
headers = pprint.pformat(self.headers_log(environ))
|
headers = pprint.pformat(self.headers_log(environ))
|
||||||
self.logger.debug("Request headers:\n%s", headers)
|
self.logger.debug("Request headers:\n%s", headers)
|
||||||
|
|
||||||
# Let reverse proxies overwrite SCRIPT_NAME
|
# Let reverse proxies overwrite SCRIPT_NAME
|
||||||
if "HTTP_X_SCRIPT_NAME" in environ:
|
if "HTTP_X_SCRIPT_NAME" in environ:
|
||||||
environ["SCRIPT_NAME"] = environ["HTTP_X_SCRIPT_NAME"]
|
# script_name must be removed from PATH_INFO by the client.
|
||||||
self.logger.debug(
|
unsafe_base_prefix = environ["HTTP_X_SCRIPT_NAME"]
|
||||||
"Script name overwritten by client: %r",
|
self.logger.debug("Script name overwritten by client: %r",
|
||||||
environ["SCRIPT_NAME"])
|
unsafe_base_prefix)
|
||||||
# Sanitize base prefix
|
else:
|
||||||
environ["SCRIPT_NAME"] = storage.sanitize_path(
|
|
||||||
environ.get("SCRIPT_NAME", "")).rstrip("/")
|
|
||||||
self.logger.debug("Sanitized script name: %r", environ["SCRIPT_NAME"])
|
|
||||||
base_prefix = environ["SCRIPT_NAME"]
|
|
||||||
environ["PATH_INFO"] = environ.get("PATH_INFO", "")
|
|
||||||
# Sanitize request URI (a WSGI server indicates with an empty path,
|
|
||||||
# that the URL targets the application root without a trailing slash)
|
|
||||||
if environ["PATH_INFO"]:
|
|
||||||
environ["PATH_INFO"] = storage.sanitize_path(environ["PATH_INFO"])
|
|
||||||
self.logger.debug("Sanitized path: %r", environ["PATH_INFO"])
|
|
||||||
# SCRIPT_NAME is already removed from PATH_INFO, according to the
|
# SCRIPT_NAME is already removed from PATH_INFO, according to the
|
||||||
# WSGI specification.
|
# WSGI specification.
|
||||||
path = environ["PATH_INFO"]
|
unsafe_base_prefix = environ.get("SCRIPT_NAME", "")
|
||||||
|
# Sanitize base prefix
|
||||||
|
base_prefix = storage.sanitize_path(unsafe_base_prefix).rstrip("/")
|
||||||
|
self.logger.debug("Sanitized script name: %r", base_prefix)
|
||||||
|
# Sanitize request URI (a WSGI server indicates with an empty path,
|
||||||
|
# that the URL targets the application root without a trailing slash)
|
||||||
|
path = storage.sanitize_path(environ.get("PATH_INFO", ""))
|
||||||
|
self.logger.debug("Sanitized path: %r", path)
|
||||||
|
|
||||||
# Get function corresponding to method
|
# Get function corresponding to method
|
||||||
function = getattr(self, "do_%s" % environ["REQUEST_METHOD"].upper())
|
function = getattr(self, "do_%s" % environ["REQUEST_METHOD"].upper())
|
||||||
@ -558,7 +555,7 @@ class Application:
|
|||||||
# Redirect to .web if the root URL is requested
|
# Redirect to .web if the root URL is requested
|
||||||
if not path.strip("/"):
|
if not path.strip("/"):
|
||||||
web_path = ".web"
|
web_path = ".web"
|
||||||
if not path.endswith("/"):
|
if not environ.get("PATH_INFO"):
|
||||||
web_path = posixpath.join(posixpath.basename(base_prefix),
|
web_path = posixpath.join(posixpath.basename(base_prefix),
|
||||||
web_path)
|
web_path)
|
||||||
return (client.SEE_OTHER,
|
return (client.SEE_OTHER,
|
||||||
|
Loading…
Reference in New Issue
Block a user