yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1558683] Re: Versions endpoint does not support X-Forwarded-Proto

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1558683@xxxxxxxxxxxxxxxxxx>
Date: Wed, 25 May 2016 11:07:18 -0000
Reply-to: Bug 1558683 <1558683@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/305152
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=d7e7e7bdf0f112c8315ae38f04b4849338173d51
Submitter: Jenkins
Branch:    master

commit d7e7e7bdf0f112c8315ae38f04b4849338173d51
Author: yuriy_n <ynesenenko@xxxxxxxxxxxx>
Date:   Mon May 23 11:28:25 2016 +0300

    Handle SSL termination proxies for version list
    
    Cinder list with pagination contains wrong scheme for
    'next' link in case of SSL endpoints. This patch fixes
    it and returns the correct scheme in version URLs if
    service is behind an SSL termination proxy.
    
    Change-Id: If5aab9cc25a2e7c66a0bb13b5f7488a667b30309
    Closes-Bug: #1558683


** Changed in: cinder
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1558683

Title:
  Versions endpoint does not support X-Forwarded-Proto

Status in Cinder:
  Fix Released
Status in Glance:
  In Progress

Bug description:
  When a project is deployed behind a SSL terminating proxy, the version
  endpoint returns the wrong URLs.  The returned protocol in the reponse
  URLs is  http:// instead of the expected https://.

  This is because the response built by versions.py git the host
  information only from the incoming req.  If SSL has been terminated by
  a proxy, then the information in the req indicates http://.  Other
  projects have addressed this by adding the config parameter
  secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO.  This will tell the
  project to use the value in X-Forwarded-Proto (https or http) when
  building the URLs in the response.  Nova and Keystone support this
  configuration option.

  One workaround is to set the public_endpoint parameter. However, the
  value set for public_endpoint, is also returned when the internal and
  admin version endpoints are queried, which breaks other things.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1558683/+subscriptions

References

[Bug 1558683] [NEW] Versions endpoint does not support X-Forwarded-Proto
From: Dave McCowan, 2016-03-17