def HostKiller(next, logger, reqdata, environ):
uh = httputil.hostFromEnv(environ)
if uh and not valid_host(uh):
environ['dwiki.logger'].warn("rejected invalid Host: value from request URI: %s" % repr(uh))
return httputil.genError("sec-error", 403)
gh = getHost(environ)
if not valid_host(gh):
environ['dwiki.logger'].warn("rejected invalid Host: value from Host: header: %s" % repr(gh))
return httputil.genError("sec-error", 403)
return next(logger, reqdata, environ)
def HostFixer(next, logger, reqdata, environ):
uh = httputil.hostFromEnv(environ)
if uh:
# TODO: updating environ is the sign of a hack.
environ['HTTP_HOST'] = uh
reqdata['server-name'] = uh
if environ.get('HTTPS') == "on":
reqdata['server-url'] = "https://%s" % uh
else:
reqdata['server-url'] = "http://%s" % uh
return next(logger, reqdata, environ)
