authorBert JW Regeer <bertjw@regeer.org>2022-05-30 15:30:25 -0600
committerBert JW Regeer <bertjw@regeer.org>2022-05-30 15:30:25 -0600
commit2784628a0fd1a38492e27384815953a44b3a3d5a (patch)
treef8308e4fe9e997947fad67c4f78f0f5f8d3d8d27
parent479df63fb087189c2f5b377bc8f61b6acb900d81 (diff)
Revert "Merge pull request #370 from Yourun-proger/del_warnings"
This reverts commit 603d2c12ce09fcd1be0b7a5734b4fca339820286, reversing changes made to 9e0b8c801e4d505c2ffc91b891af4ba48af715e0.
-rw-r--r--docs/arguments.rst6
-rw-r--r--src/waitress/adjustments.py18
-rw-r--r--tests/test_adjustments.py14
3 files changed, 31 insertions, 7 deletions
diff --git a/docs/arguments.rst b/docs/arguments.rst
index db765e4..f9b9310 100644
--- a/docs/arguments.rst
+++ b/docs/arguments.rst
@@ -158,11 +158,7 @@ clear_untrusted_proxy_headers
"X-Forwared-For", "X-Forwarded-By", "X-Forwarded-Host", "X-Forwarded-Port",
"X-Forwarded-Proto") not explicitly allowed by ``trusted_proxy_headers``.
- Default: ``True``
-
- .. versionchanged:: 2.1.2
- In this version default value is set to ``True`` and deprecation warning
- doesn't show up anymore.
+ Default: ``False``
.. versionadded:: 1.2.0
diff --git a/src/waitress/adjustments.py b/src/waitress/adjustments.py
index e08d75d..f2a852c 100644
--- a/src/waitress/adjustments.py
+++ b/src/waitress/adjustments.py
@@ -95,6 +95,10 @@ class _int_marker(int):
pass
+class _bool_marker:
+ pass
+
+
class Adjustments:
"""This class contains tunable parameters."""
@@ -176,8 +180,9 @@ class Adjustments:
# proxy server to filter invalid headers
log_untrusted_proxy_headers = False
- # Changed this parameter to True by default in 2.x
- clear_untrusted_proxy_headers = True
+ # Should waitress clear any proxy headers that are not deemed trusted from
+ # the environ? Change to True by default in 2.x
+ clear_untrusted_proxy_headers = _bool_marker
# default ``wsgi.url_scheme`` value
url_scheme = "http"
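Review bot: The new comment above `clear_untrusted_proxy_headers = _bool_marker` says "Change to True by default in 2.x", but the docs hunk in this same commit removes a `versionchanged:: 2.1.2` entry, so the revert appears to land inside the 2.x series and the comment reads as stale. I would reword it to `# Unset sentinel: resolved to False (with a DeprecationWarning) at init; planned to default to True in a future release`. `_bool_marker` is also a plain class object and therefore truthy, so anything that reads the class attribute before the sentinel is resolved would see header clearing as enabled; a one-line comment on `_bool_marker` stating that it is compared by identity only would make that explicit. The Adjustments class body continues outside the hunk.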
@@ -440,6 +445,15 @@ class Adjustments:
)
self.trusted_proxy_headers = {"x-forwarded-proto"}
+ if self.clear_untrusted_proxy_headers is _bool_marker:
+ warnings.warn(
+ "In future versions of Waitress clear_untrusted_proxy_headers will be "
+ "set to True by default. You may opt-out by setting this value to "
+ "False, or opt-in explicitly by setting this to True.",
+ DeprecationWarning,
+ )
+ self.clear_untrusted_proxy_headers = False
+
self.listen = wanted_sockets
self.check_sockets(self.sockets)
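Review bot: The fallback `self.clear_untrusted_proxy_headers = False` keeps the permissive setting whenever the operator has not chosen one, and the only signal is a `DeprecationWarning` raised without `stacklevel`, so it is attributed to adjustments.py and hidden by Python's default warning filters. Per the docs hunk, that leaves forwarded headers not listed in `trusted_proxy_headers` in the environ, so an application reading them may be acting on client-supplied values without the deployer ever seeing the notice. I would pass `stacklevel=2` to `warnings.warn` and add a comment such as `# Unset resolves to False for backward compatibility; untrusted forwarded headers are NOT cleared`. Whether frame 2 is user code depends on callers not visible here. The enclosing method starts and ends outside the hunk.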
diff --git a/tests/test_adjustments.py b/tests/test_adjustments.py
index cbbb006..69cdf51 100644
--- a/tests/test_adjustments.py
+++ b/tests/test_adjustments.py
@@ -354,6 +354,20 @@ class TestAdjustments(unittest.TestCase):
self.assertTrue(issubclass(w[0].category, DeprecationWarning))
self.assertIn("Implicitly trusting X-Forwarded-Proto", str(w[0]))
+ def test_clear_untrusted_proxy_headers(self):
+ with warnings.catch_warnings(record=True) as w:
+ warnings.resetwarnings()
+ warnings.simplefilter("always")
+ self._makeOne(
+ trusted_proxy="localhost", trusted_proxy_headers={"x-forwarded-for"}
+ )
+
+ self.assertGreaterEqual(len(w), 1)
+ self.assertTrue(issubclass(w[0].category, DeprecationWarning))
+ self.assertIn(
+ "clear_untrusted_proxy_headers will be set to True", str(w[0])
+ )
+
def test_deprecated_send_bytes(self):
with warnings.catch_warnings(record=True) as w:
warnings.resetwarnings()
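Review bot: `test_clear_untrusted_proxy_headers` checks only the warning text and never asserts the value the sentinel resolves to, so a regression that leaves `_bool_marker` (which is truthy) in place or flips the default would still pass. Capture the instance and add `self.assertIs(inst.clear_untrusted_proxy_headers, False)`. The test also allows several warnings with `assertGreaterEqual(len(w), 1)` but then inspects only `w[0]`, which breaks if another warning is recorded first; `self.assertTrue(any("clear_untrusted_proxy_headers will be set to True" in str(x.message) for x in w))` is more robust. A companion case passing `clear_untrusted_proxy_headers=True` and asserting that no such warning is recorded would cover the explicit opt-in path.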