@@ -50,43 +50,52 @@ def _validate_host(self, host: str | None) -> bool: # pragma: no cover
5050 print (host )
5151 if host in self .settings .allowed_hosts :
5252 return True
53-
53+
5454 for allowed in self .settings .allowed_hosts :
55- # normalize incoming host
56- host_without_https = host .replace ("https://" , "" ).replace ("http://" , "" ).split ("/" )[0 ].strip ()
5755
56+ # normalize incoming host
57+ host_without_https = (
58+ host .replace ("https://" , "" )
59+ .replace ("http://" , "" )
60+ .split ("/" )[0 ]
61+ .strip ()
62+ )
63+
5864 # split request host + port
5965 if ":" in host_without_https :
6066 request_host , request_port = host_without_https .split (":" , 1 )
6167 else :
6268 request_host = host_without_https
6369 request_port = None
64-
70+
6571 # ---------- CASE 1: wildcard port (example.com:*) ----------
6672 if allowed .endswith (":*" ):
6773 base_host = allowed [:- 2 ]
6874 print (base_host )
69-
75+
7076 if request_host == base_host :
7177 return True
72-
78+
7379 # ---------- CASE 2: specific port (example.com:443) ----------
7480 elif ":" in allowed :
7581 allowed_host , allowed_port = allowed .split (":" , 1 )
76-
77- if request_host == allowed_host and request_port == allowed_port :
82+
83+ if (
84+ request_host == allowed_host
85+ and request_port == allowed_port
86+ ):
7887 return True
79-
88+
8089 # ---------- CASE 3: host only (allow any port) ----------
8190 else :
8291 if request_host == allowed :
8392 return True
84-
93+
8594 logger .warning (f"Invalid Host header: { host } " )
8695 return False
87-
96+
8897 logger .warning (f"Invalid Host header: { host } " )
89- return False
98+ return False
9099
91100 def _validate_origin (self , origin : str | None ) -> bool : # pragma: no cover
92101 """Validate the Origin header against allowed values."""
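Review bot: The debug calls `print(host)` (new line 50) and `print(base_host)` (new line 74) are still in the Host-validation path, so a request-controlled header value is written to stdout on each call, outside the logging configuration; drop them or replace the first with `logger.debug("Validating Host header: %r", host)`. The hunk also carries two identical `logger.warning(...)` / `return False` pairs (new lines 94–95 and 97–98). Indentation is not recoverable from this page, but if the first pair sits inside the `for allowed` loop, the loop rejects after comparing against only the first allow-list entry; otherwise one pair is dead code. `host` is typed `str | None`, and `host.replace(...)` on new line 58 would raise on `None` unless an earlier guard exists. `_validate_host` starts above this hunk, so such a guard may be out of view.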