Skip to content

ref(wsgi): Update _werkzeug vendor to newer version #4793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

ref(wsgi): Update _werkzeug vendor to newer version #4793

wants to merge 1 commit into from

Conversation

mgaligniana
Copy link
Contributor

Fixes GH-3516

mgaligniana
mgaligniana commented Sep 12, 2025
View reviewed changes
mgaligniana
mgaligniana commented Sep 12, 2025
View reviewed changes
@mgaligniana mgaligniana force-pushed the GH-3516-werkzeug-vendor-update branch 2 times, most recently from 75b9810 to dab33fb Compare September 12, 2025 16:09
@codecov Codecov
Copy link

codecov bot commented Sep 12, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 44.44444% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.41%. Comparing base (5a122b5) to head (ba2c350).

Files with missing lines Patch % Lines
sentry_sdk/_werkzeug.py 44.44% 11 Missing and 4 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4793      +/-   ##
==========================================
- Coverage   84.47%   83.41%   -1.07%     
==========================================
  Files         158      158              
  Lines       16506    16512       +6     
  Branches     2865     2864       -1     
==========================================
- Hits        13944    13773     -171     
- Misses       1712     1889     +177     
  Partials      850      850
Files with missing lines Coverage Δ
sentry_sdk/_werkzeug.py 54.54% <44.44%> (+6.39%) ⬆️

... and 8 files with indirect coverage changes

@mgaligniana mgaligniana force-pushed the GH-3516-werkzeug-vendor-update branch 6 times, most recently from ba2c350 to 6238c21 Compare September 12, 2025 18:58
mgaligniana
mgaligniana commented Sep 12, 2025
View reviewed changes
@mgaligniana mgaligniana marked this pull request as ready for review September 12, 2025 19:14
@mgaligniana mgaligniana requested a review from a team as a code owner September 12, 2025 19:14
cursor[bot]

This comment was marked as outdated.

Sign in to view

seer-by-sentry[bot]
seer-by-sentry bot reviewed Sep 12, 2025
View reviewed changes
@mgaligniana mgaligniana marked this pull request as draft September 15, 2025 12:54
@sentrivana
Copy link
Contributor

Thanks for the PR @mgaligniana -- I think the HTTP_X_FORWARDED_HOST handling needs to be added manually on top of the vendored in code. As far as I can tell we also did that in the current version as the original upstream 1.0.1 version also doesn't contain it.

@mgaligniana mgaligniana force-pushed the GH-3516-werkzeug-vendor-update branch from 6238c21 to b4ee7ae Compare September 17, 2025 03:10
mgaligniana
mgaligniana commented Sep 17, 2025
View reviewed changes
sentry_sdk/_werkzeug.py
Comment on lines 73 to 77
(
environ.get("HTTP_HOST")
if not use_x_forwarded_for
else environ.get("HTTP_X_FORWARDED_HOST")
),
Copy link
Contributor Author

@mgaligniana mgaligniana Sep 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎗️ The previous condition was: if use_x_forwarded_for and "HTTP_X_FORWARDED_HOST" in environ:

But if we have use_x_forwarded_for in True doesn't mean HTTP_X_FORWARDED_HOST will be present?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah AFAIT this doesn't translate to the old logic 1:1 since before, if use_x_forwarded_for was True but there was no HTTP_X_FORWARDED_HOST, we would fall back to the other headers, whereas here, we wouldn't. We shouldn't assume the header is there, it's more like, if it's there, use it. So this probably needs an extra check:

environ["HTTP_X_FORWARDED_HOST"]
if use_x_forwarded_for and environ.get("HTTP_X_FORWARDED_HOST")
else environ.get("HTTP_HOST")

@mgaligniana mgaligniana marked this pull request as ready for review September 17, 2025 03:17
@mgaligniana
Copy link
Contributor Author

mgaligniana commented Sep 17, 2025
edited
Loading

Ok, Seer 🎉 liked!

But codecov not, should I add new tests for the new vendor?

Edited: I think yes because Anton said:

Also make sure this code is tested to have a high test coverage. (maybe by vendoring in the related tests from Werkzeug?)

But do you think I should copy-paste the test from werkzeug to get_host for example?

@sentrivana
Copy link
Contributor

But do you think I should copy-paste the test from werkzeug to get_host for example?

Tests would be great. I think the one you linked would be good, plus something custom for the HTTP_X_FORWARDED_HOST stuff.

@mgaligniana mgaligniana force-pushed the GH-3516-werkzeug-vendor-update branch from b4ee7ae to 2b7f7f1 Compare September 19, 2025 03:03
@mgaligniana mgaligniana force-pushed the GH-3516-werkzeug-vendor-update branch from 2b7f7f1 to 71d1151 Compare September 19, 2025 03:23
@mgaligniana
Copy link
Contributor Author

So adding that now we have
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seer-by-sentry seer-by-sentry[bot] seer-by-sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@sentrivana sentrivana Awaiting requested review from sentrivana

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check if we still need _werkzeug.py
2 participants
@mgaligniana @sentrivana