Support forwarded headers that do not contain a host key (#788)

* Support forwarded headers that do not contain a host key

* Add correct PR number to changelog

* Avoid python3.10 typing features

Author: lukasbindreiter

CHANGES.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## Unreleased
+
+### Fixed
+
+* support `forwarded` headers in `ProxyHeaderMiddleware` that do not contain a host key ([#788](https://github.com/stac-utils/stac-fastapi/pull/788))
+
 ## [4.0.0] - 2025-01-17
 
 ### Changed

stac_fastapi/api/stac_fastapi/api/middleware.py

@@ -4,7 +4,7 @@
 import re
 import typing
 from http.client import HTTP_PORT, HTTPS_PORT
-from typing import List, Tuple
+from typing import List, Optional, Tuple
 
 from starlette.middleware.cors import CORSMiddleware as _CORSMiddleware
 from starlette.types import ASGIApp, Receive, Scope, Send
@@ -95,12 +95,13 @@ def _get_forwarded_url_parts(self, scope: Scope) -> Tuple[str]:
                 domain = header_host_parts[0]
                 port = None
 
+        port_str = None  # make sure it is defined in all paths since we access it later
+
         if forwarded := self._get_header_value_by_name(scope, "forwarded"):
             for proxy in forwarded.split(","):
-                if (proto_expr := _PROTO_HEADER_REGEX.search(proxy)) and (
-                    host_expr := _HOST_HEADER_REGEX.search(proxy)
-                ):
+                if proto_expr := _PROTO_HEADER_REGEX.search(proxy):
                     proto = proto_expr.group("proto")
+                if host_expr := _HOST_HEADER_REGEX.search(proxy):
                     domain = host_expr.group("host")
                     port_str = host_expr.group("port")  # None if not present in the match
 
@@ -115,8 +116,8 @@ def _get_forwarded_url_parts(self, scope: Scope) -> Tuple[str]:
         return (proto, domain, port)
 
     def _get_header_value_by_name(
-        self, scope: Scope, header_name: str, default_value: str = None
-    ) -> str:
+        self, scope: Scope, header_name: str, default_value: Optional[str] = None
+    ) -> Optional[str]:
         headers = scope["headers"]
         candidates = [
             value.decode() for key, value in headers if key.decode() == header_name

stac_fastapi/api/tests/test_middleware.py

@@ -183,6 +183,20 @@ def test_replace_header_value_by_name(
             },
             ("https", "test", 1234),
         ),
+        (
+            {
+                "scheme": "http",
+                "server": ["testserver", 80],
+                "headers": [
+                    (
+                        b"forwarded",
+                        # proto is set, but no host
+                        b'for="85.193.181.55";proto=https,for="85.193.181.55";proto=https',
+                    )
+                ],
+            },
+            ("https", "testserver", 80),
+        ),
     ],
 )
 def test_get_forwarded_url_parts(