
Commit ba15683

authored
wrap IPv6 SERVER_NAME in [] (#2997)
2 parents ea93b54 + d99f72d commit ba15683


3 files changed

+15
-0
lines changed


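--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -9,6 +9,9 @@ Unreleased
 ``list``, ``tuple``, or ``set`` when passing multiple values. It had been
 changed to accept any ``Collection``, but this matched types that should be
 treated as single values, such as ``bytes``. :issue:`2994`
+- When the ``Host`` header is not set and ``Request.host`` falls back to the
+WSGI ``SERVER_NAME`` value, if that value is an IPv6 address it is wrapped
+in ``[]`` to match the ``Host`` header. :issue:`2993`
 
 
 Version 3.1.2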

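--- a/src/werkzeug/sansio/utils.py
+++ b/src/werkzeug/sansio/utils.py
@@ -71,6 +71,9 @@ def get_host(
 :return: Host, with port if necessary.
 :raise ~werkzeug.exceptions.SecurityError: If the host is not
 trusted.
+
+.. versionchanged:: 3.1.3
+If ``SERVER_NAME`` is IPv6, it is wrapped in ``[]``.
 """
 host = ""
 
@@ -79,6 +82,11 @@ def get_host(
 elif server is not None:
 host = server[0]
 
+# If SERVER_NAME is IPv6, wrap it in [] to match Host header.
+# Check for : because domain or IPv4 can't have that.
+if ":" in host and host[0] != "[":
+host = f"[{host}]"
+
 if server[1] is not None:
 host = f"{host}:{server[1]}"
 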
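Review bot: The `":" in host` test in the second hunk is a heuristic rather than an address check, so any `SERVER_NAME` that contains a colon and does not start with `[` gets bracketed, including a misconfigured `name:port` value or a socket path with a colon in it. The bracketed string is what the rest of get_host goes on to use (the function starts and ends outside the hunk, and its docstring mentions a trusted-host check), so a malformed value would be reshaped rather than rejected. If the per-request cost is acceptable, parsing with `ipaddress.IPv6Address(host)` and bracketing only on success would make the intent exact. Otherwise the comment could state the assumption, e.g. `# Assumes SERVER_NAME is a bare hostname, IPv4 or IPv6 literal; any other value containing ":" is also wrapped.`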

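--- a/tests/sansio/test_utils.py
+++ b/tests/sansio/test_utils.py
@@ -14,12 +14,16 @@
 ("https", "spam", None, "spam"),
 ("https", "spam:443", None, "spam"),
 ("http", "spam:8080", None, "spam:8080"),
+("http", "127.0.0.1:8080", None, "127.0.0.1:8080"),
+("http", "[::1]:8080", None, "[::1]:8080"),
 ("ws", "spam", None, "spam"),
 ("ws", "spam:80", None, "spam"),
 ("wss", "spam", None, "spam"),
 ("wss", "spam:443", None, "spam"),
 ("http", None, ("spam", 80), "spam"),
 ("http", None, ("spam", 8080), "spam:8080"),
+("http", None, ("127.0.0.1", 8080), "127.0.0.1:8080"),
+("http", None, ("::1", 8080), "[::1]:8080"),
 ("http", None, ("unix/socket", None), "unix/socket"),
 ("http", "spam", ("eggs", 80), "spam"),
 ],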
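Review bot: The added rows never exercise the `host[0] != "["` guard from the utils.py change, because no case passes an already-bracketed server name, and the only IPv6 server row carries a non-default port. Two more rows would pin both paths: `("http", None, ("[::1]", 8080), "[::1]:8080"),` and `("http", None, ("::1", None), "[::1]"),`. The second expected value follows from the wrapping shown in utils.py and should be confirmed against the port handling outside that hunk. The parametrize list starts before this hunk.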
