You are missing the ProxyFix()
middleware component. See the Flask Proxy Setups documentation.
There is no need to subclass anything; simply add this middleware component to your WSGI stack:
# Werkzeug 0.15 and newer
from werkzeug.middleware.proxy_fix import ProxyFix
from flask import Flask
app = Flask(__name__)
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1)
If you have Flask installed, you have Werkzeug too, but do pin the version to >=0.15 to get the updated version of ProxyFix
(Flask 1.1.0 and newer already use that version).
This component sets the WSGI scheme from the X-Forwarded-Proto header. Do read the Flask documentation I linked you to above about trusting headers and about customising the middleware to your specific situation. Above, I’ve configured it to only look at X-Forwarded-Proto
, but the component can handle other X-Forwarded-*
configurations too.
The default is to trust one level of X-Forwarded-For
, add x_for=0
to the keyword arguments if you want to disable this.
Also note that the functionality of the ProxyFix
middleware has been expanded quite significantly in Werkzeug 0.15; in addition to X-Forwarded-Proto
, -For
, and -Host
, the X-Forwarded-Port
and -Prefix
headers are also consulted, all headers support multiple values.