Add warning on setting secure_proxy_ssl_header
secure_proxy_ssl_header is used when the API is behind an proxy that terminate the HTTPS connection. This commit is just adding a warning on the config description in order to make sure that the user understand what he is doing when setting this. Change-Id: I5c2cb56109508fb7215a3a42a0ab1c831083182f Signed-off-by: Arnaud Morin <arnaud.morin@corp.ovh.com>
This commit is contained in:
Arnaud Morin
parent
ae753d9628
commit
f35d0df14c
|
|
@ -67,8 +67,22 @@ for the original request, even if it was removed by a SSL terminating proxy.
|
|||
|
||||
Possible values:
|
||||
|
||||
* None (default) - the request scheme is not influenced by any HTTP headers.
|
||||
* None (default) - the request scheme is not influenced by any HTTP headers
|
||||
* Valid HTTP header, like HTTP_X_FORWARDED_PROTO
|
||||
|
||||
WARNING: Do not set this unless you know what you are doing.
|
||||
|
||||
Make sure ALL of the following are true before setting this (assuming the
|
||||
values from the example above):
|
||||
* Your API is behind a proxy.
|
||||
* Your proxy strips the X-Forwarded-Proto header from all incoming requests.
|
||||
In other words, if end users include that header in their requests, the proxy
|
||||
will discard it.
|
||||
* Your proxy sets the X-Forwarded-Proto header and sends it to API, but only
|
||||
for requests that originally come in via HTTPS.
|
||||
|
||||
If any of those are not true, you should keep this setting set to None.
|
||||
|
||||
"""),
|
||||
cfg.StrOpt(
|
||||
'ssl_ca_file',
|
||||
|
|
|
|||
Loading…
Reference in New Issue