add support for SECURE_PROXY_ADDR_HEADER
Change-Id: I4ab9871e8b238ad87369a77d53acdc7abdf60ffd
parent
7f6de8aa68
commit
05afbe4399
@ -381,6 +381,15 @@
|
||||
# recommended if you're running horizon behind a proxy.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*secure_proxy_addr_header*]
|
||||
# (optional) Enables the SECURE_PROXY_ADDR_HEADER option.
|
||||
# This setting specifies the name of the header with remote IP address.
|
||||
# The commom value for this setting
|
||||
# is HTTP_X_REAL_IP or HTTP_X_FORWARDED_FOR. Note that this is only
|
||||
# recommended if you're running horizon behind a proxy.
|
||||
# If not present, then REMOTE_ADDR header is used
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*disallow_iframe_embed*]
|
||||
# (optional)DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded
|
||||
# within an iframe. Legacy browsers are still vulnerable to a Cross-Frame
|
||||
@ -552,6 +561,7 @@ class horizon(
|
||||
$disable_password_reveal = false,
|
||||
$enforce_password_check = false,
|
||||
$enable_secure_proxy_ssl_header = false,
|
||||
$secure_proxy_addr_header = undef,
|
||||
$disallow_iframe_embed = true,
|
||||
$websso_enabled = false,
|
||||
$websso_initial_choice = undef,
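Review bot: The new `secure_proxy_addr_header` doc block in the first hunk does not say that the named header is taken as the client's address, which matters because HTTP_X_FORWARDED_FOR and HTTP_X_REAL_IP are client-supplied unless the proxy sets or overwrites them. I would add a line after the "only recommended if you're running horizon behind a proxy" sentence, such as `#    The proxy must set or overwrite this header, and horizon must only be reachable through that proxy.` In the same block "commom" should read "common". The class parameter list in the second hunk starts and ends outside the visible lines.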
|
||||
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
features:
|
||||
- Support was added to set the SECURE_PROXY_ADDR_HEADER option.
|
||||
If horizon is behind a proxy server and the proxy is configured,
|
||||
the IP address from request is passed using header variables
|
||||
inside the request.
|
||||
This setting specifies the name of the header with remote IP address.
|
@ -142,6 +142,7 @@ describe 'horizon' do
|
||||
:create_image_defaults => {'image_visibility' => 'private'},
|
||||
:password_retrieve => true,
|
||||
:enable_secure_proxy_ssl_header => true,
|
||||
:secure_proxy_addr_header => 'HTTP_X_FORWARDED_FOR',
|
||||
})
|
||||
end
|
||||
|
||||
@ -151,6 +152,7 @@ describe 'horizon' do
|
||||
"SITE_BRANDING = 'mysite'",
|
||||
"ALLOWED_HOSTS = ['some.host.tld', ]",
|
||||
"SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')",
|
||||
"SECURE_PROXY_ADDR_HEADER = 'HTTP_X_FORWARDED_FOR'",
|
||||
'CSRF_COOKIE_SECURE = True',
|
||||
'SESSION_COOKIE_SECURE = True',
|
||||
'SESSION_COOKIE_HTTPONLY = True',
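Review bot: The spec covers only the case where `:secure_proxy_addr_header` is set to 'HTTP_X_FORWARDED_FOR'; nothing visible here checks that the default (undef) leaves the setting out of the rendered file. Because the template always emits the commented line `#SECURE_PROXY_ADDR_HEADER = False`, a negative check would need to be anchored at line start, for example matching against `/^SECURE_PROXY_ADDR_HEADER/`. The surrounding `describe`/`context` blocks start and end outside these hunks, so a default-parameters context may already exist where this assertion could be added.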
|
||||
|
@ -59,6 +59,12 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
<% end %>
|
||||
|
||||
# This setting specifies the name of the header with remote IP address
|
||||
#SECURE_PROXY_ADDR_HEADER = False
|
||||
<% if @secure_proxy_addr_header %>
|
||||
SECURE_PROXY_ADDR_HEADER = '<%= @secure_proxy_addr_header %>'
|
||||
<% end %>
|
||||
|
||||
# If Horizon is being served through SSL, then uncomment the following two
|
||||
# settings to better secure the cookies from security exploits
|
||||
<% if @secure_cookies %>
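Review bot: On the `SECURE_PROXY_ADDR_HEADER = '<%= @secure_proxy_addr_header %>'` line the parameter is written between single quotes with no escaping or validation, and this file is loaded as Python settings. A value containing a quote or a newline would produce a broken or altered settings file instead of a catalog failure. The value comes from Puppet data rather than from a request, so this is a hardening point: restrict the parameter in the class to a header-name shape, for example a pattern such as `/\A[A-Z][A-Z0-9_]*\z/`, so that bad input is rejected at compile time. The template continues outside this hunk on both sides.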
|
||||
|