From d264794d09fd8de4172623eec459a2efe31257ad Mon Sep 17 00:00:00 2001 From: pgjones Date: Sun, 26 May 2024 10:07:27 +0100 Subject: [PATCH] Improve the proxy fix docs This should make it clearer what the trusted_hops argument should be. This is based on the Werkzeug docs. --- docs/how_to_guides/proxy_fix.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/how_to_guides/proxy_fix.rst b/docs/how_to_guides/proxy_fix.rst index dd8d080f..ca7e6f73 100644 --- a/docs/how_to_guides/proxy_fix.rst +++ b/docs/how_to_guides/proxy_fix.rst @@ -31,3 +31,8 @@ wrap your app and serve the wrapped app, user-agent (client) may be trusted and hence able to set alternative for, proto, and host values. This can, depending on your usage in the app, lead to security vulnerabilities. + +The ``trusted_hops`` argument should be set to the number of proxies +that are chained in front of Hypercorn. You should set this to how +many proxies are setting the headers so the middleware knows what to +trust.