Thanks to visit codestin.com
Credit goes to github.com

Skip to content

ref(wsgi): Update _werkzeug vendor to newer version #4793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

ref(wsgi): Update _werkzeug vendor to newer version #4793

wants to merge 1 commit into from
+87 −34

Conversation

mgaligniana
Copy link
Contributor

Fixes GH-3516

mgaligniana
mgaligniana commented Sep 12, 2025
View reviewed changes
sentry_sdk/_werkzeug.py
host = host[:-3]
elif scheme in {"https", "wss"} and host.endswith(":443"):
host = host[:-4]

Copy link
Contributor Author

@mgaligniana mgaligniana Sep 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 Here werkzeug have a condition for trusted hosts: https://github.com/pallets/werkzeug/blob/3.1.3/src/werkzeug/sansio/utils.py#L98

Why we don't use it?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume because we're only using the get_host function to reconstruct the request URL and not any actual functionality.

mgaligniana
mgaligniana commented Sep 12, 2025
View reviewed changes
sentry_sdk/_werkzeug.py
host = f"[{host}]"

if server[1] is not None:
host = f"{host}:{server[1]}" # noqa: E231
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎗️ I had to define this because of:

E231 missing whitespace after ':'

@mgaligniana mgaligniana force-pushed the GH-3516-werkzeug-vendor-update branch 2 times, most recently from 75b9810 to dab33fb Compare September 12, 2025 16:09
@codecov Codecov
Copy link

codecov bot commented Sep 12, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 44.44444% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.41%. Comparing base (5a122b5) to head (ba2c350).

Files with missing lines Patch % Lines
sentry_sdk/_werkzeug.py 44.44% 11 Missing and 4 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4793      +/-   ##
==========================================
- Coverage   84.47%   83.41%   -1.07%     
==========================================
  Files         158      158              
  Lines       16506    16512       +6     
  Branches     2865     2864       -1     
==========================================
- Hits        13944    13773     -171     
- Misses       1712     1889     +177     
  Partials      850      850
Files with missing lines Coverage Δ
sentry_sdk/_werkzeug.py 54.54% <44.44%> (+6.39%) ⬆️

... and 8 files with indirect coverage changes

@mgaligniana mgaligniana force-pushed the GH-3516-werkzeug-vendor-update branch 6 times, most recently from ba2c350 to 6238c21 Compare September 12, 2025 18:58
mgaligniana
mgaligniana commented Sep 12, 2025
View reviewed changes
sentry_sdk/_werkzeug.py
return None

try:
port = int(environ.get("SERVER_PORT", None)) # type: ignore[arg-type]
Copy link
Contributor Author

@mgaligniana mgaligniana Sep 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This # type was introduced in main branch not in 3.1.3

@mgaligniana mgaligniana marked this pull request as ready for review September 12, 2025 19:14
@mgaligniana mgaligniana requested a review from a team as a code owner September 12, 2025 19:14
cursor[bot]

This comment was marked as outdated.

Sign in to view

seer-by-sentry[bot]
seer-by-sentry bot reviewed Sep 12, 2025
View reviewed changes
@mgaligniana mgaligniana marked this pull request as draft September 15, 2025 12:54
@sentrivana
Copy link
Contributor

Thanks for the PR @mgaligniana -- I think the HTTP_X_FORWARDED_HOST handling needs to be added manually on top of the vendored in code. As far as I can tell we also did that in the current version as the original upstream 1.0.1 version also doesn't contain it.

@mgaligniana mgaligniana force-pushed the GH-3516-werkzeug-vendor-update branch from 6238c21 to b4ee7ae Compare September 17, 2025 03:10
mgaligniana
mgaligniana commented Sep 17, 2025
View reviewed changes
sentry_sdk/_werkzeug.py
Comment on lines +73 to +77
(
environ.get("HTTP_HOST")
if not use_x_forwarded_for
else environ.get("HTTP_X_FORWARDED_HOST")
),
Copy link
Contributor Author

@mgaligniana mgaligniana Sep 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎗️ The previous condition was: if use_x_forwarded_for and "HTTP_X_FORWARDED_HOST" in environ:

But if we have use_x_forwarded_for in True doesn't mean HTTP_X_FORWARDED_HOST will be present?

@mgaligniana mgaligniana marked this pull request as ready for review September 17, 2025 03:17
@mgaligniana
Copy link
Contributor Author

mgaligniana commented Sep 17, 2025
edited
Loading

Ok, Seer 🎉 liked!

But codecov not, should I add new tests for the new vendor?

Edited: I think yes because Anton said:

Also make sure this code is tested to have a high test coverage. (maybe by vendoring in the related tests from Werkzeug?)

But do you think I should copy-paste the test from werkzeug to get_host for example?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seer-by-sentry seer-by-sentry[bot] seer-by-sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@sentrivana sentrivana Awaiting requested review from sentrivana

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check if we still need _werkzeug.py
2 participants
@mgaligniana @sentrivana