validate hostname without port for ssl redirection

Xpra-org · Sep 19, 2024 · 4e64fb7 · 4e64fb7
1 parent 6bfd2dc
commit 4e64fb7
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/xpra/net/websockets/handler.py b/xpra/net/websockets/handler.py
@@ -115,9 +115,14 @@ def do_redirect_https(self) -> None:
             log.warn("Warning: cannot redirect to https without a 'Host' header")
             self.send_error(400, "Client did not send a 'Host' header")
             return
-        if not is_valid_hostname(server_address):
+        parts = server_address.split(":")
+        if len(parts) == 2:
+            host = parts[0]
+        else:
+            host = server_address
+        if not is_valid_hostname(host):
             log.warn("Warning: cannot redirect to https using an invalid hostname")
-            log.warn(f" {server_address!r}")
+            log.warn(f" {host!r}")
             self.send_error(400, "Client specified an invalid 'Host' header")
             return
         self.write_byte_strings(