Odoo Web (MOVED TO GITHUB)

should use HTTP_X_FORWARDED_HOST if available

Bug #1170133 reported by Holger Brunn (Therp)
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Odoo Web (MOVED TO GITHUB)
Invalid
Undecided
Unassigned
OpenERP Community Backports (Web)
Status tracked in 7.0
6.1
Invalid
Undecided
Unassigned
7.0
Invalid
Undecided
Unassigned

Bug Description

When running behind a proxy, the setting dbfilter is pretty much useless, as http://bazaar.launchpad.net/~openerp/openerp-web/trunk/view/head:/addons/web/controllers/main.py#L90 looks only at HTTP_HOST which is set to the proxied host, localhost in most settings I assume.
A de-facto standard for that is HTTP_X_FORWARDED_HOST, so this line should read

h = req.httprequest.environ.get('HTTP_X_FORWARDED_HOST', req.httprequest.environ['HTTP_HOST']).split(':')[0]

to use the hostname the client requested also in the proxied case.

MPs follow.

Revision history for this message
Xavier (Open ERP) (xmo-deactivatedaccount) wrote :

Werkzeug provides a ProxyFix WSGI middleware which takes care of transparently providing "normal" header from the X-Forwarded ones: http://werkzeug.pocoo.org/docs/contrib/fixers/#werkzeug.contrib.fixers.ProxyFix

This middleware is automatically applied by the server's WSGI mount when proxy_mode is enabled: http://bazaar.launchpad.net/~openerp/openobject-server/trunk/view/head:/openerp/service/wsgi_server.py#L420

The web client *very specifically must not take care of that*. Run your server correctly.

The old "stand-alone mode" had the same option and capability: http://bazaar.launchpad.net/~openerp/openerp-web/6.1/view/head:/openerp-web#L91

Changed in openerp-web:
status: New → Invalid
Revision history for this message
Holger Brunn (Therp) (hbrunn) wrote :

thanks for the pointers!

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.