yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #46323
[Bug 1528258] Re: secure_proxy_ssl_header should default to HTTP_X_FORWARDED_PROTO
Reviewed: https://review.openstack.org/280435
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=eb104714f2488bd8281fbc656c5d0e470939231e
Submitter: Jenkins
Branch: master
commit eb104714f2488bd8281fbc656c5d0e470939231e
Author: Steve Martinelli <stevemar@xxxxxxxxxx>
Date: Mon Feb 15 17:37:56 2016 -0500
sensible default for secure_proxy_ssl_header
there is only one sensible default for secure_proxy_ssl_header,
so let's use it, one less step for deployers to configure.
Change-Id: I0cee5d6051b2c91bc87dc7eabcec57dd4852184c
Closes-Bug: 1528258
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1528258
Title:
secure_proxy_ssl_header should default to HTTP_X_FORWARDED_PROTO
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
https://bugs.launchpad.net/keystone/+bug/1370022 resulted in
https://review.openstack.org/132235 which added
secure_proxy_ssl_header option being added to keystone. It works if
it's correctly set, but there is no valid reason why you would not
want to enable this feature by default. It adds an extra burden to
configuration managers when there's exactly 1 ideal default value
(even specified in the comment for the option).
I propose that we have default/secure_proxy_ssl_header =
"HTTP_X_FORWARDED_PROTO" instead of default/secure_proxy_ssl_header =
<None> instated as default in the package.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1528258/+subscriptions
References