yahoo-eng-team team mailing list archive

[Matthew Mosesohn <mmosesohn@xxxxxxxxxxxx>]

Public bug reported:

https://bugs.launchpad.net/keystone/+bug/1370022 resulted in
https://review.openstack.org/132235 which added secure_proxy_ssl_header
option being added to keystone. It works if it's correctly set, but
there is no valid reason why you would not want to enable this feature
by default. It adds an extra burden to configuration managers when
there's exactly 1 ideal default value (even specified in the comment for
the option).

I propose that we have default/secure_proxy_ssl_header =
"HTTP_X_FORWARDED_PROTO" instead of default/secure_proxy_ssl_header =
<None> instated as default in the package.

** Affects: keystone
     Importance: Undecided
     Assignee: Boris Bobrov (bbobrov)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1528258

Title:
  secure_proxy_ssl_header should default to HTTP_X_FORWARDED_PROTO

Status in OpenStack Identity (keystone):
  New

Bug description:
  https://bugs.launchpad.net/keystone/+bug/1370022 resulted in
  https://review.openstack.org/132235 which added
  secure_proxy_ssl_header option being added to keystone. It works if
  it's correctly set, but there is no valid reason why you would not
  want to enable this feature by default. It adds an extra burden to
  configuration managers when there's exactly 1 ideal default value
  (even specified in the comment for the option).

  I propose that we have default/secure_proxy_ssl_header =
  "HTTP_X_FORWARDED_PROTO" instead of default/secure_proxy_ssl_header =
  <None> instated as default in the package.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1528258/+subscriptions