MCPcopy
hub / github.com/pallets/werkzeug / host_is_trusted

Function host_is_trusted

src/werkzeug/sansio/utils.py:25–76  ·  view source on GitHub ↗

Perform some checks on a ``Host`` header ``host:port``. The host must be made up of valid characters, but this does not check validity beyond that. If a list of trusted domains is given, the domain must match one. :param hostname: The ``Host`` header ``host:port`` to check. :param t

(
    hostname: str | None, trusted_list: t.Collection[str] | None = None
)

Source from the content-addressed store, hash-verified

23
24
25def host_is_trusted(
26 hostname: str | None, trusted_list: t.Collection[str] | None = None
27) -> bool:
28 """Perform some checks on a ``Host`` header ``host:port``. The host must be
29 made up of valid characters, but this does not check validity beyond that.
30 If a list of trusted domains is given, the domain must match one.
31
32 :param hostname: The ``Host`` header ``host:port`` to check.
33 :param trusted_list: A list of trusted domains to match. These should
34 already be IDNA encoded, but will be encoded if needed. The port is
35 ignored for this check. If a name starts with a dot it will match as a
36 suffix, accepting all subdomains. If empty or ``None``, all domains are
37 allowed.
38
39 .. versionchanged:: 3.2
40 The value's characters are validated.
41
42 .. versionchanged:: 3.2
43 ``trusted_list`` defaults to ``None``.
44
45 .. versionadded:: 0.9
46 """
47 if not hostname:
48 return False
49
50 if _host_re.fullmatch(hostname) is None:
51 return False
52
53 hostname = hostname.partition(":")[0]
54
55 if not trusted_list:
56 return True
57
58 if isinstance(trusted_list, str):
59 trusted_list = [trusted_list]
60
61 for ref in trusted_list:
62 if ref.startswith("."):
63 ref = ref[1:]
64 suffix_match = True
65 else:
66 suffix_match = False
67
68 try:
69 ref = ref.partition(":")[0].encode("idna").decode("ascii")
70 except UnicodeEncodeError:
71 return False
72
73 if ref == hostname or (suffix_match and hostname.endswith(f".{ref}")):
74 return True
75
76 return False
77
78
79def get_host(

Callers 2

get_hostFunction · 0.85
check_host_trustMethod · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected