Perform some checks on a ``Host`` header ``host:port``. The host must be made up of valid characters, but this does not check validity beyond that. If a list of trusted domains is given, the domain must match one. :param hostname: The ``Host`` header ``host:port`` to check. :param t
(
hostname: str | None, trusted_list: t.Collection[str] | None = None
)
| 23 | |
| 24 | |
| 25 | def host_is_trusted( |
| 26 | hostname: str | None, trusted_list: t.Collection[str] | None = None |
| 27 | ) -> bool: |
| 28 | """Perform some checks on a ``Host`` header ``host:port``. The host must be |
| 29 | made up of valid characters, but this does not check validity beyond that. |
| 30 | If a list of trusted domains is given, the domain must match one. |
| 31 | |
| 32 | :param hostname: The ``Host`` header ``host:port`` to check. |
| 33 | :param trusted_list: A list of trusted domains to match. These should |
| 34 | already be IDNA encoded, but will be encoded if needed. The port is |
| 35 | ignored for this check. If a name starts with a dot it will match as a |
| 36 | suffix, accepting all subdomains. If empty or ``None``, all domains are |
| 37 | allowed. |
| 38 | |
| 39 | .. versionchanged:: 3.2 |
| 40 | The value's characters are validated. |
| 41 | |
| 42 | .. versionchanged:: 3.2 |
| 43 | ``trusted_list`` defaults to ``None``. |
| 44 | |
| 45 | .. versionadded:: 0.9 |
| 46 | """ |
| 47 | if not hostname: |
| 48 | return False |
| 49 | |
| 50 | if _host_re.fullmatch(hostname) is None: |
| 51 | return False |
| 52 | |
| 53 | hostname = hostname.partition(":")[0] |
| 54 | |
| 55 | if not trusted_list: |
| 56 | return True |
| 57 | |
| 58 | if isinstance(trusted_list, str): |
| 59 | trusted_list = [trusted_list] |
| 60 | |
| 61 | for ref in trusted_list: |
| 62 | if ref.startswith("."): |
| 63 | ref = ref[1:] |
| 64 | suffix_match = True |
| 65 | else: |
| 66 | suffix_match = False |
| 67 | |
| 68 | try: |
| 69 | ref = ref.partition(":")[0].encode("idna").decode("ascii") |
| 70 | except UnicodeEncodeError: |
| 71 | return False |
| 72 | |
| 73 | if ref == hostname or (suffix_match and hostname.endswith(f".{ref}")): |
| 74 | return True |
| 75 | |
| 76 | return False |
| 77 | |
| 78 | |
| 79 | def get_host( |
no outgoing calls
no test coverage detected