[patchew-devel] Re: [PATCH] use X-Forwarded-Host header in HttpRequest.get_host()/get_port()

  • From: Fam Zheng <famz@xxxxxxxxxx>
  • To: Paolo Bonzini <pbonzini@xxxxxxxxxx>
  • Date: Wed, 28 Feb 2018 23:13:15 +0800

On Wed, 02/28 13:41, Paolo Bonzini wrote:

This fixes absolute URIs in the REST API.

Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
---
      Fam, can you please apply this patch and re-deploy next.patchew.org?

 patchew/settings.py               |  2 ++
 scripts/patchew-server.nginx.conf |  1 +
 tests/test_rest.py                | 10 ++++++++++
 3 files changed, 13 insertions(+)

diff --git a/patchew/settings.py b/patchew/settings.py
index cca6c79..b5b8019 100644
--- a/patchew/settings.py
+++ b/patchew/settings.py
@@ -113,6 +113,8 @@ def env_detect():
         raise Exception("Unknown running environment")
 
 DEBUG, DATA_DIR = env_detect()
+
+USE_X_FORWARDED_HOST = True
 if DEBUG:
     ALLOWED_HOSTS = ["*"]
 else:
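
Review bot: `USE_X_FORWARDED_HOST = True` is set unconditionally, directly above a branch that sets `ALLOWED_HOSTS = ["*"]` when DEBUG is on, so in that configuration any X-Forwarded-Host value that reaches Django is accepted and used by get_host() to build absolute URLs. Please add a comment saying that this setting is only safe when the front proxy always sets or overwrites X-Forwarded-Host, and make sure the non-DEBUG branch lists the public host name(s) explicitly. A blank line between the new assignment and `if DEBUG:` would also keep the two settings visually separate.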

I find two more things that need to be touched in addition. One is ALLOWED_HOSTS: what we
expect from X-Forwarded-Host must be listed there; the other is that the host nginx
(the one that faces the internet) must set the Host header.

For the former, I wonder what the risks are of unconditionally doing

    ALLOWED_HOSTS = ["*"]

since we run in a container behind a proxy that is associated with only one domain
name.

diff --git a/scripts/patchew-server.nginx.conf 
b/scripts/patchew-server.nginx.conf
index d87d8b9..890a747 100644
--- a/scripts/patchew-server.nginx.conf
+++ b/scripts/patchew-server.nginx.conf
@@ -64,6 +64,7 @@ http {
 
     location @proxy_to_app {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Host $host;
       # enable this if and only if you use HTTPS
       # proxy_set_header X-Forwarded-Proto https;
       proxy_set_header Host localhost;
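
Review bot: the added `proxy_set_header X-Forwarded-Host $host;` forwards nginx's `$host`, which is taken from the request line or the Host header of the incoming request, while the unchanged `proxy_set_header Host localhost;` below it still sends a fixed value, so the application now receives two host headers that can disagree. If this server block can be reached under names other than the intended one, the forwarded value is chosen by the client; consider pinning it with a matching `server_name` (or a literal host name) and adding a comment next to the new line, like the one on X-Forwarded-Proto, saying when it should be enabled.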

Actually, why not just change this to:

         proxy_set_header Host            $host;
?

diff --git a/tests/test_rest.py b/tests/test_rest.py
index 0e43797..018a97f 100755
--- a/tests/test_rest.py
+++ b/tests/test_rest.py
@@ -36,6 +36,16 @@ class RestTest(PatchewTestCase):
         self.admin = User.objects.get(username='admin')
         self.USER_BASE = '%susers/%d/' % (self.REST_BASE, self.admin.id)
 
+    def test_root(self):
+        resp = self.api_client.get(self.REST_BASE)
+        self.assertEquals(resp.data['users'], self.REST_BASE + 'users/')
+        self.assertEquals(resp.data['projects'], self.REST_BASE + 
'projects/')
+        self.assertEquals(resp.data['series'], self.REST_BASE + 'series/')
+        resp = self.api_client.get(self.REST_BASE, 
HTTP_X_FORWARDED_HOST='patchew.org')
+        self.assertEquals(resp.data['users'], 
'http://patchew.org/api/v1/users/')
+        self.assertEquals(resp.data['projects'], 
'http://patchew.org/api/v1/projects/')
+        self.assertEquals(resp.data['series'], 
'http://patchew.org/api/v1/series/')
+
     def test_users(self):
         resp = self.api_client.get(self.REST_BASE + 'users/')
         self.assertEquals(resp.data['count'], 1)
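
Review bot: `test_root` only covers the case where the forwarded host is honoured; there is no assertion for an `HTTP_X_FORWARDED_HOST` value that should be refused. Since the test relies on 'patchew.org' being accepted, add a companion case that runs with a restricted ALLOWED_HOSTS (for example via override_settings) and asserts that an unlisted host does not end up in `resp.data`. The expected URLs also hard-code `/api/v1/`; building them from the path part of `self.REST_BASE` would keep the test from drifting.
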
-- 
2.14.3
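
As an added example (not part of the original thread or the patchew code base), the sketch below models in plain Python how the `USE_X_FORWARDED_HOST` and `ALLOWED_HOSTS` settings discussed in this message interact when an absolute URL is built. It is a simplified stand-in for Django's host validation; the function names, the `other.example` host and the sample headers are constructed for illustration.

```python
# Added illustration: a simplified model of the host check, not Django's own code.

class DisallowedHost(Exception):
    """Raised when the resolved host matches no ALLOWED_HOSTS pattern."""

def host_allowed(domain, allowed_hosts):
    # "*" matches anything, ".example.org" matches the domain and its
    # subdomains, any other pattern must match exactly.
    domain = domain.lower().rstrip(".")
    for pattern in (p.lower() for p in allowed_hosts):
        if pattern == "*" or pattern == domain:
            return True
        if pattern.startswith(".") and (domain.endswith(pattern) or domain == pattern[1:]):
            return True
    return False

def get_host(headers, use_x_forwarded_host, allowed_hosts):
    # With USE_X_FORWARDED_HOST on, X-Forwarded-Host wins over Host.
    if use_x_forwarded_host and "X-Forwarded-Host" in headers:
        raw = headers["X-Forwarded-Host"]
    else:
        raw = headers.get("Host", "")
    # Drop an optional port (IPv6 literals are not handled in this sketch).
    domain = raw.rsplit(":", 1)[0] if ":" in raw else raw
    if not host_allowed(domain, allowed_hosts):
        raise DisallowedHost(raw)
    return raw

def absolute_uri(headers, path, use_x_forwarded_host, allowed_hosts):
    return "http://" + get_host(headers, use_x_forwarded_host, allowed_hosts) + path

# Constructed sample requests as the application would receive them from the proxy.
EXPECTED = {"Host": "localhost", "X-Forwarded-Host": "patchew.org"}
UNEXPECTED = {"Host": "localhost", "X-Forwarded-Host": "other.example"}

def demo():
    results = {}
    for name, allowed in (("wildcard", ["*"]), ("explicit", ["patchew.org"])):
        for label, headers in (("expected", EXPECTED), ("unexpected", UNEXPECTED)):
            try:
                results[name, label] = absolute_uri(headers, "/api/v1/users/", True, allowed)
            except DisallowedHost:
                results[name, label] = "rejected"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

With the wildcard, the only thing keeping an unexpected host out of generated URLs is the proxy overwriting the header; with an explicit list, the application rejects it on its own.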

