ProxyHeadersMiddleware should not be enabled by default? #2103
Unanswered
vanschelven
asked this question in
Potential Issue
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
In uvicorn, ProxyHeadersMiddleware is enabled by default. When used in environments that are not behind a proxy, this opens you up for all kinds of security issues. See e.g. the plethora of warnings in the Django manual about a setting controlling a similar behavior: https://docs.djangoproject.com/en/4.2/ref/settings/#secure-proxy-ssl-header
Beta Was this translation helpful? Give feedback.
All reactions