yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1558683] Re: Versions endpoint does not support X-Forwarded-Proto

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Seyeong Kim <seyeong.kim@xxxxxxxxxxxxx>
Date: Mon, 20 Nov 2017 03:31:36 -0000
Reply-to: Bug 1558683 <1558683@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: charm-cinder
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1558683

Title:
  Versions endpoint does not support X-Forwarded-Proto

Status in OpenStack cinder charm:
  New
Status in Cinder:
  Fix Released
Status in Glance:
  Fix Released

Bug description:
  When a project is deployed behind a SSL terminating proxy, the version
  endpoint returns the wrong URLs.  The returned protocol in the reponse
  URLs is  http:// instead of the expected https://.

  This is because the response built by versions.py git the host
  information only from the incoming req.  If SSL has been terminated by
  a proxy, then the information in the req indicates http://.  Other
  projects have addressed this by adding the config parameter
  secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO.  This will tell the
  project to use the value in X-Forwarded-Proto (https or http) when
  building the URLs in the response.  Nova and Keystone support this
  configuration option.

  One workaround is to set the public_endpoint parameter. However, the
  value set for public_endpoint, is also returned when the internal and
  admin version endpoints are queried, which breaks other things.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-cinder/+bug/1558683/+subscriptions

References

[Bug 1558683] [NEW] Versions endpoint does not support X-Forwarded-Proto
From: Dave McCowan, 2016-03-17