Backport X-Forwarded-* header parsing bugfix.

Bug #439554 reported by SqUe
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| pastedeploy (Ubuntu) | Invalid | Undecided | Unassigned | |
| Intrepid | Invalid | Low | Unassigned | |
| Jaunty | Invalid | Low | Unassigned | |

Bug Description

pastedeploy has a feature to auto-create URLs when it is served behind a proxy. URLs are created using the X-Forwarded-* headers. In the Hardy version the URLs are crafted using X-Forwarded-Server, which was wrong, as this is the hostname of the server and not the host that the client requested. This can lead to creating URLs using LAN host names rather than the actual public host that the proxy is listening on. The problem has been described by a user on their mailing list in the past: http://pythonpaste.org/archives/message/20070813.221354.d0a58db6.ca.html#paste-users

This was fixed in later versions.
In 1.3.2, the one included in 8.10 and 9.04, it just gives more priority to the X-Forwarded-Host header than to the X-Forwarded-Server header.
In 1.3.3, the one included in Karmic, it is properly fixed and even supports different schemes using the X-Forwarded-Scheme.

As this is a blocking bug for deploying loggerhead behind Apache's reverse proxy using SSL, I would love to see an upstream update rather than using a custom hack.

The patch that I am attaching was exported by a simple diff on config.py from 1.3.1 to 1.3.3. The patch requires no extra change on other files.
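
Added example (not part of the original report and not PasteDeploy's own code): a small model of the three behaviours described above, run against a constructed WSGI environ for an application behind an SSL-terminating reverse proxy. The function name `base_url`, the host names, and the `trusted_proxies` gate are assumptions made for illustration; the 1.3.3 host handling is assumed to match 1.3.2.

```python
# Model of the header precedence described in the report (illustrative only).

# Constructed sample: what the backend sees for https://code.example.org/
SAMPLE_ENVIRON = {
    "wsgi.url_scheme": "http",            # proxy talks plain HTTP to the backend
    "HTTP_HOST": "127.0.0.1:8080",        # backend address used by the proxy
    "REMOTE_ADDR": "127.0.0.1",           # direct peer is the local proxy
    "HTTP_X_FORWARDED_HOST": "code.example.org",     # host the client requested
    "HTTP_X_FORWARDED_SERVER": "app01.lan.example",  # proxy's own server name
    "HTTP_X_FORWARDED_SCHEME": "https",
}


def base_url(environ, behaviour, trusted_proxies=("127.0.0.1",)):
    """Rebuild the public base URL the way each described version would."""
    scheme = environ.get("wsgi.url_scheme", "http")
    host = environ.get("HTTP_HOST", "localhost")

    # Assumption added here, not from the report: honour X-Forwarded-* only
    # when the direct peer is a known proxy, since clients can set them too.
    if environ.get("REMOTE_ADDR") not in trusted_proxies:
        return f"{scheme}://{host}"

    fwd_host = environ.get("HTTP_X_FORWARDED_HOST")
    fwd_server = environ.get("HTTP_X_FORWARDED_SERVER")
    fwd_scheme = environ.get("HTTP_X_FORWARDED_SCHEME")

    if behaviour == "hardy":
        # Uses the proxy's server name: yields internal LAN host names.
        host = fwd_server or host
    elif behaviour in ("1.3.2", "1.3.3"):
        # X-Forwarded-Host takes priority over X-Forwarded-Server.
        host = fwd_host or fwd_server or host
        if behaviour == "1.3.3" and fwd_scheme in ("http", "https"):
            scheme = fwd_scheme  # 1.3.3 also honours X-Forwarded-Scheme
    else:
        raise ValueError(f"unknown behaviour: {behaviour}")

    # Chained proxies may append values as a comma-separated list.
    host = host.split(",")[0].strip()
    return f"{scheme}://{host}"


if __name__ == "__main__":
    for version in ("hardy", "1.3.2", "1.3.3"):
        print(version, "->", base_url(SAMPLE_ENVIRON, version))
```
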

SqUe (sque) wrote :
description: updated
Andrew Starr-Bochicchio (andrewsomething) wrote :

Opening specific tasks for Jaunty and Intrepid as the bug doesn't exist in Karmic.

You might want to request having the Karmic package backported. It might be simpler than going through the Stable Release Updates process. Look here for more info:

https://help.ubuntu.com/community/UbuntuBackports#How%20to%20request%20new%20packages

Changed in pastedeploy (Ubuntu):
status: New → Invalid
Changed in pastedeploy (Ubuntu Intrepid):
status: New → Triaged
Changed in pastedeploy (Ubuntu Jaunty):
status: New → Triaged
importance: Undecided → Low
Changed in pastedeploy (Ubuntu Intrepid):
importance: Undecided → Low
Alex Valavanis (valavanisalex) wrote :

Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug is still marked as confirmed in later versions of Ubuntu.

Changed in pastedeploy (Ubuntu Intrepid):
status: Triaged → Invalid
JC Hulce (soaringsky) wrote :

Thank you for taking the time to report this bug. This issue has been fixed in newer versions of Ubuntu, and Jaunty is EOL, so I am closing this bug task.

Changed in pastedeploy (Ubuntu Jaunty):
status: Triaged → Invalid