← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1528258] Re: secure_proxy_ssl_header should default to HTTP_X_FORWARDED_PROTO

 

Reviewed:  https://review.openstack.org/280435
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=eb104714f2488bd8281fbc656c5d0e470939231e
Submitter: Jenkins
Branch:    master

commit eb104714f2488bd8281fbc656c5d0e470939231e
Author: Steve Martinelli <stevemar@xxxxxxxxxx>
Date:   Mon Feb 15 17:37:56 2016 -0500

    sensible default for secure_proxy_ssl_header
    
    there is only one sensible default for secure_proxy_ssl_header,
    so let's use it, one less step for deployers to configure.
    
    Change-Id: I0cee5d6051b2c91bc87dc7eabcec57dd4852184c
    Closes-Bug: 1528258


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1528258

Title:
  secure_proxy_ssl_header should default to HTTP_X_FORWARDED_PROTO

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  https://bugs.launchpad.net/keystone/+bug/1370022 resulted in
  https://review.openstack.org/132235 which added
  secure_proxy_ssl_header option being added to keystone. It works if
  it's correctly set, but there is no valid reason why you would not
  want to enable this feature by default. It adds an extra burden to
  configuration managers when there's exactly 1 ideal default value
  (even specified in the comment for the option).

  I propose that we have default/secure_proxy_ssl_header =
  "HTTP_X_FORWARDED_PROTO" instead of default/secure_proxy_ssl_header =
  <None> instated as default in the package.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1528258/+subscriptions


References