id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
6880	django.http.get_host() breaks reverse proxying on apache	Kellen	nobody	"django.http.HttpResponseRedirect uses django.http.get_host() to get the hostname for relative redirects, but generates incorrect redirects when an app is behind a reverse proxy. In particular, get_host() uses the HTTP_X_FORWARDED_HOST, which will be the proxying domain rather than the proxied-to domain. This is bad when a proxy is being used to avoid part of /the/path/to/an/app/, since the whole path will be appended to the proxying domain, which will then rewrite it for the proxied-to domain and most often 404.

As an example:
I have a non-fancy django app, which uses HttpResponseRedirect to forward from various pages to others (say, on successful form submission). This lives on one domain, called backend. On another domain, frontend, I am using apache2 to reverse proxy to part of the application on backend. 

When my app successfully adds a new item, it redirects from the add view at /app/object/add/ to the object view at /app/object/id/. This works when one adds an object while accessing backend directly. When one adds an object through frontend, however, a redirect is issued to the correct path on backend, '''but on the frontend domain'''. Backend should issue a redirect to: backend.com/app/object/id/, which apache should rewrite to frontend.com/object/id/ with ProxyPassReverse, which the browser should then attempt to access, and /object/id/ should be rewritten to /app/object/id/ on backend. What happens instead is a redirect to '''frontend'''.com/'''app'''/object/id/ is issued, the browser accesses the path, and it is rewritten to /app/'''app'''/object/id/ on backend, and a 404 results.

On frontend:
{{{
<VirtualHost xxx.xxx.xxx.xxx>
    ServerAdmin admin@frontend
    DocumentRoot /var/www/
    ServerName www.frontend.com
    ServerAlias frontend.com

    ProxyPass / http://frontend.com/app/
    ProxyPassReverse / http://frontend.com/app/
    SetOutputFilter proxy-html
    ProxyHTMLURLMap http://frontend.com/app/ /
</VirtualHost>
}}}

"	Bug	closed	HTTP handling	dev	Normal	fixed	redirect httpresponseredirect get_host reverse proxy squid apache	kellen@…	Design decision needed	1	0	1	0	0	0