yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1558683] [NEW] Versions endpoint does not support X-Forwarded-Proto

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dave McCowan <dmccowan@xxxxxxxxx>
Date: Thu, 17 Mar 2016 17:07:49 -0000
Reply-to: Bug 1558683 <1558683@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When a project is deployed behind a SSL terminating proxy, the version
endpoint returns the wrong URLs.  The returned protocol in the reponse
URLs is  http:// instead of the expected https://.

This is because the response built by versions.py git the host
information only from the incoming req.  If SSL has been terminated by a
proxy, then the information in the req indicates http://.  Other
projects have addressed this by adding the config parameter
secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO.  This will tell the
project to use the value in X-Forwarded-Proto (https or http) when
building the URLs in the response.  Nova and Keystone support this
configuration option.

** Affects: cinder
     Importance: Medium
         Status: New

** Affects: glance
     Importance: Undecided
         Status: New

** Also affects: glance
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1558683

Title:
  Versions endpoint does not support X-Forwarded-Proto

Status in Cinder:
  New
Status in Glance:
  New

Bug description:
  When a project is deployed behind a SSL terminating proxy, the version
  endpoint returns the wrong URLs.  The returned protocol in the reponse
  URLs is  http:// instead of the expected https://.

  This is because the response built by versions.py git the host
  information only from the incoming req.  If SSL has been terminated by
  a proxy, then the information in the req indicates http://.  Other
  projects have addressed this by adding the config parameter
  secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO.  This will tell the
  project to use the value in X-Forwarded-Proto (https or http) when
  building the URLs in the response.  Nova and Keystone support this
  configuration option.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1558683/+subscriptions

Follow ups

[Bug 1558683] Re: Versions endpoint does not support X-Forwarded-Proto
From: Seyeong Kim, 2018-03-20
[Bug 1558683] Re: Versions endpoint does not support X-Forwarded-Proto
From: Seyeong Kim, 2017-11-20
[Bug 1558683] Re: Versions endpoint does not support X-Forwarded-Proto
From: OpenStack Infra, 2016-06-14
[Bug 1558683] Re: Versions endpoint does not support X-Forwarded-Proto
From: OpenStack Infra, 2016-05-25