Add flag to enable the SECURE_PROXY_SSL_HEADER option
This is used to tell Django to take into account the X-Forwarded-Proto header. It is disabled by default as it should only be enabled if one is running horizon behind a proxy. Change-Id: Ifed7d4c3409419c01c5b20c707221c1fc76ea09e
parent
7cbcc78baa
commit
5211ba5fc8
|
@ -293,6 +293,12 @@
|
|||
# (optional) Disables Admin password prompt on Change Password form.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*enable_secure_proxy_ssl_header*]
|
||||
# (optional) Enables the SECURE_PROXY_SSL_HEADER option which makes django
|
||||
# take the X-Forwarded-Proto header into account. Note that this is only
|
||||
# recommended if you're running horizon behind a proxy.
|
||||
# Defaults to false
|
||||
#
|
||||
# === DEPRECATED group/name
|
||||
#
|
||||
# [*fqdn*]
|
||||
|
@ -391,6 +397,7 @@ class horizon(
|
|||
$password_retrieve = false,
|
||||
$disable_password_reveal = false,
|
||||
$enforce_password_check = false,
|
||||
$enable_secure_proxy_ssl_header = false,
|
||||
# DEPRECATED PARAMETERS
|
||||
$custom_theme_path = undef,
|
||||
$fqdn = undef,
|
||||
|
|
|
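Review bot: The parameter documentation added for `enable_secure_proxy_ssl_header` in the first hunk says only that the option is recommended behind a proxy, and leaves out the condition that makes it safe: the proxy has to strip or overwrite any X-Forwarded-Proto header sent by the client. Without that, Django decides whether a request is secure from a value the client controls. I would extend the comment with a line such as `# Only enable this when the proxy in front of horizon removes or overwrites the X-Forwarded-Proto header on every incoming request.` The class body continues outside both hunks.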
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- Support was added to enable/disable the SECURE_PROXY_SSL_HEADER which
|
||||
enables horizon (via Django) to process the X-Forwarded-Proto header. This
|
||||
done with the "enable_secure_proxy_ssl_header" in the manifest.
|
|
@ -128,6 +128,7 @@ describe 'horizon' do
|
|||
:password_autocomplete => 'on',
|
||||
:images_panel => 'angular',
|
||||
:password_retrieve => true,
|
||||
:enable_secure_proxy_ssl_header => true,
|
||||
})
|
||||
end
|
||||
|
||||
|
@ -135,6 +136,7 @@ describe 'horizon' do
|
|||
verify_concat_fragment_contents(catalogue, 'local_settings.py', [
|
||||
'DEBUG = True',
|
||||
"ALLOWED_HOSTS = ['*', ]",
|
||||
"SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')",
|
||||
'CSRF_COOKIE_SECURE = True',
|
||||
'SESSION_COOKIE_SECURE = True',
|
||||
" 'identity': 2.0,",
|
||||
|
|
|
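Review bot: The spec appears to cover only the enabled case: both hunks sit in what looks like the context that overrides the class parameters, and nothing visible asserts that the default leaves the setting commented out. The default is the safe state, so a regression there would start trusting X-Forwarded-Proto without any test failing. I would add an expectation on the default catalogue for the line `#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')`. The describe block starts and ends outside these hunks, so a default-parameter context may already exist and only need that extra line.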
@ -41,7 +41,11 @@ ALLOWED_HOSTS = ['<%= @final_allowed_hosts %>', ]
|
|||
# and don't forget to strip it from the client's request.
|
||||
# For more information see:
|
||||
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
|
||||
<% if @enable_secure_proxy_ssl_header %>
|
||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
<% else %>
|
||||
#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
<% end %>
|
||||
|
||||
# If Horizon is being served through SSL, then uncomment the following two
|
||||
# settings to better secure the cookies from security exploits
|
||||
|
|
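Review bot: The `<% if @enable_secure_proxy_ssl_header %>` test is true for any value other than nil or false, so a string such as 'false' passed to the class would render the active setting and turn on trust in X-Forwarded-Proto. The parameter is declared without a visible type or validation, so I would reject non-boolean values in the manifest, for example `validate_bool($enable_secure_proxy_ssl_header)` if the module already uses stdlib. Alternatively, make the template test strict with `<% if @enable_secure_proxy_ssl_header == true %>`. The template file starts and ends outside this hunk.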