Get and validate a request's ``host:port`` based on the given values. The ``Host`` header sent by the client is preferred. Otherwise, the server's configured address is used. The port is omitted if it matches the standard HTTP or HTTPS ports. The value is passed through :func:`host
(
scheme: str,
host_header: str | None,
server: tuple[str, int | None] | None = None,
trusted_hosts: t.Collection[str] | None = None,
)
| 77 | |
| 78 | |
| 79 | def get_host( |
| 80 | scheme: str, |
| 81 | host_header: str | None, |
| 82 | server: tuple[str, int | None] | None = None, |
| 83 | trusted_hosts: t.Collection[str] | None = None, |
| 84 | ) -> str: |
| 85 | """Get and validate a request's ``host:port`` based on the given values. |
| 86 | |
| 87 | The ``Host`` header sent by the client is preferred. Otherwise, the server's |
| 88 | configured address is used. The port is omitted if it matches the standard |
| 89 | HTTP or HTTPS ports. |
| 90 | |
| 91 | The value is passed through :func:`host_is_trusted`. The host must be made |
| 92 | up of valid characters, but this does not check validity beyond that. If a |
| 93 | list of trusted domains is given, the domain must match one. |
| 94 | |
| 95 | If the host header is not available, such as for HTTP/0.9 and 1.0, or it has |
| 96 | invalid characters, the empty string is returned. Subdomain and host |
| 97 | routing, and external URL building, will not work in these cases. |
| 98 | |
| 99 | :param scheme: The protocol of the request. Used to omit the standard ports |
| 100 | 80 and 443. |
| 101 | :param host_header: The ``Host`` header value. |
| 102 | :param server: The server's configured address ``(host, port)``. The server |
| 103 | may be using a Unix socket and give ``(path, None)``; this is ignored as |
| 104 | it would not produce a useful host value. |
| 105 | :param trusted_hosts: A list of trusted domains to match. These should |
| 106 | already be IDNA encoded, but will be encoded if needed. The port is |
| 107 | ignored for this check. If a name starts with a dot it will match as a |
| 108 | suffix, accepting all subdomains. If empty or ``None``, all domains are |
| 109 | allowed. |
| 110 | |
| 111 | :return: Host, with port if necessary. |
| 112 | :raise .SecurityError: If the host is not trusted. |
| 113 | |
| 114 | .. versionchanged:: 3.1.8 |
| 115 | The empty string is again returned if no host header value is available, |
| 116 | or if the characters are invalid. |
| 117 | |
| 118 | .. versionchanged:: 3.1.7 |
| 119 | The characters of the host value are validated. The empty string is no |
| 120 | longer allowed if no header value is available. |
| 121 | |
| 122 | .. versionchanged:: 3.2 |
| 123 | When using the server address, Unix sockets are ignored. |
| 124 | |
| 125 | .. versionchanged:: 3.1.3 |
| 126 | If ``SERVER_NAME`` is IPv6, it is wrapped in ``[]``. |
| 127 | """ |
| 128 | if host_header is not None: |
| 129 | host = host_header |
| 130 | # The port server[1] will be None for a Unix socket. Ignore in that case. |
| 131 | elif server is not None and server[1] is not None: |
| 132 | host = server[0] |
| 133 | |
| 134 | # If SERVER_NAME is IPv6, wrap it in [] to match Host header. |
| 135 | # Check for : because domain or IPv4 can't have that. |
| 136 | if ":" in host and host[0] != "[": |