Django

Code

Ticket #6548 (new)

Opened 2 years ago

Last modified 3 weeks ago

django behind apache ssl proxy

Reported by: laureline.guerin@makina-corpus.org Assigned to: nobody
Milestone: Component: HTTP handling
Version: SVN Keywords:
Cc: anball@gmail.com Triage Stage: Design decision needed
Has patch: 0 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description (Last modified by ramiro)

I've seen some code in http/__init__.py:get_host function to handle X-FORWARDED-HOST that could be added by an apache proxy.

Unfortunately, there is no way to determine if proxy is acceded in https or http, so an issue occures when django wants to build an url for some Redirect : the url is built using the X-FORWARDED-HOST, but always assume that the proxy is non-SSL.

I think there could be some solutions to solve this issue :

  • Remove test for X-FORWARDED-HOST in get_host, apache mod_proxy is designed to rewrite Location headers (used in redirect)
  • If some people want to have X-FORWARDED-HOST handled in get_host, then add a setting to enable or disable it
  • add a setting like 'HTTPS_PROXY=on' that would work like HTTPS=ON

Attachments

Change History

02/16/08 00:53:25 changed by Simon Greenhill <dev@simon.net.nz>

  • needs_better_patch changed.
  • stage changed from Unreviewed to Design decision needed.
  • needs_tests changed.
  • needs_docs changed.

Can you raise this on the django-developers mailing list?

06/23/08 13:09:24 changed by ramiro

  • description changed.

07/17/09 00:38:46 changed by anonymous

  • cc set to anball@gmail.com.

02/23/10 15:42:48 changed by calexium

A better solution, I think, should be to use another header (X-FORWARDER-PROTO for example) containing the scheme used by the proxy (http or https). And check into HttpRequest.is_secure() function is this header exists. If not, then use the current way.

Add/Change #6548 (django behind apache ssl proxy)




Change Properties
Action