Backport X-Forwarded-* header parsing bugfix.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pastedeploy (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Intrepid |
Invalid
|
Low
|
Unassigned | ||
Jaunty |
Invalid
|
Low
|
Unassigned |
Bug Description
pastedeploy has a feature to auto-create urls when it is served behind a proxy. Urls are created using the X-Forwarded-*. In hardy version the urls are crafted using the X-Forwarded-Server which was wrong as this is the hostname of the server and not the host that the client request. This can leaded to creating URLs using lan host names rather than the actual public host that the proxy is listing to. The problem has been described by a user in their mailing list in the past http://
This was fixed in later versions.
In 1.3.2, the one included in 8.10 and 9.04, it just give more priority to X-Forwarded-Host than X-Forwarded-Server header.
In 1.3.3, the one included in Karmic, it is properly fixed and even supports different schemes using the X-Forwarded-Scheme.
As this is a blocking bug to deploy loggerhead behind apache's reverse proxy using ssl, I would love to see an upstream update rather than using custom hack.
The patch that I am attaching was exported by a simple diff on config.py from 1.3.1 to 1.3.3. The patch requires no extra change on other files.
Opening specific tasks for Jaunty and Intrepid as the bug doesn't exist in Karmic.
You might want to request having the Karmic package backported. It might be simpler than going through the Stable Release Updates process. Look here for more info:
https:/ /help.ubuntu. com/community/ UbuntuBackports #How%20to% 20request% 20new%20package s