Merge "Add warning on setting secure_proxy_ssl_header"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
2b7ccf35e6
@ -67,8 +67,22 @@ for the original request, even if it was removed by a SSL terminating proxy.
|
|||||||
|
|
||||||
Possible values:
|
Possible values:
|
||||||
|
|
||||||
* None (default) - the request scheme is not influenced by any HTTP headers.
|
* None (default) - the request scheme is not influenced by any HTTP headers
|
||||||
* Valid HTTP header, like HTTP_X_FORWARDED_PROTO
|
* Valid HTTP header, like HTTP_X_FORWARDED_PROTO
|
||||||
|
|
||||||
|
WARNING: Do not set this unless you know what you are doing.
|
||||||
|
|
||||||
|
Make sure ALL of the following are true before setting this (assuming the
|
||||||
|
values from the example above):
|
||||||
|
* Your API is behind a proxy.
|
||||||
|
* Your proxy strips the X-Forwarded-Proto header from all incoming requests.
|
||||||
|
In other words, if end users include that header in their requests, the proxy
|
||||||
|
will discard it.
|
||||||
|
* Your proxy sets the X-Forwarded-Proto header and sends it to API, but only
|
||||||
|
for requests that originally come in via HTTPS.
|
||||||
|
|
||||||
|
If any of those are not true, you should keep this setting set to None.
|
||||||
|
|
||||||
"""),
|
"""),
|
||||||
cfg.StrOpt(
|
cfg.StrOpt(
|
||||||
'ssl_ca_file',
|
'ssl_ca_file',
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user