Browse Source

Make debug option of wsgi server configurable

Because in some deployments tracebacks in API responses are unwanted
for security reasons.

Change-Id: I8a2acea7393c369bfa7d7822f21b4d40d56d6739
Needed-By: https://review.opendev.org/c/openstack/neutron/+/818391
Partial-Bug: #1951429
changes/48/818548/2 2.8.0
Bence Romsics 6 months ago committed by Stephen Finucane
parent
commit
6552b9a820
  1. 5
      oslo_service/_options.py
  2. 2
      oslo_service/wsgi.py
  3. 7
      releasenotes/notes/add-wsgi_server_debug-opt-70d818b5b78bfc7c.yaml

5
oslo_service/_options.py

@ -88,6 +88,11 @@ wsgi_opts = [
"If an incoming connection is idle for this number of "
"seconds it will be closed. A value of '0' means "
"wait forever."),
cfg.BoolOpt('wsgi_server_debug',
default=False,
help="True if the server should send exception tracebacks to "
"the clients on 500 errors. If False, the server will "
"respond with empty bodies."),
]
ssl_opts = [

2
oslo_service/wsgi.py

@ -180,7 +180,7 @@ class Server(service.ServiceBase):
'custom_pool': self._pool,
'log': self._logger,
'log_format': self.conf.wsgi_log_format,
'debug': False,
'debug': self.conf.wsgi_server_debug,
'keepalive': self.conf.wsgi_keep_alive,
'socket_timeout': self.client_socket_timeout
}

7
releasenotes/notes/add-wsgi_server_debug-opt-70d818b5b78bfc7c.yaml

@ -0,0 +1,7 @@
---
features:
- |
A new config options, ``[DEFAULT] wsgi_server_debug``, has been added.
This allows admins to configure whether the server should send exception
tracebacks to the clients on HTTP 500 errors. This defaults to ``False``,
preserving previous behavior.
Loading…
Cancel
Save