Use X-Forwarded-Proto as origin protocol if present
When using a haproxy with SSL termination to provide secure console
connections, haproxy will change the Origin header scheme to 'http'
and add the 'X-Forwarded-Proto: https' header. This causes a failure
in the Nova console proxy code which verifies that the Origin header
scheme matches the access_url scheme for the connection, because the
Origin header coming from haproxy is 'http' while the access_url
scheme is 'https' or 'wss'.
This looks for the X-Forwarded-Proto header and uses its scheme for
the verification instead, if it is present.
Reviewed: https:/ /review. openstack. org/631103 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=890e2d320e8 e8e7b501af8e21c c6b751fb204d04
Committed: https:/
Submitter: Zuul
Branch: master
commit 890e2d320e8e8e7 b501af8e21cc6b7 51fb204d04
Author: melanie witt <email address hidden>
Date: Wed Jan 16 00:27:42 2019 +0000
Use X-Forwarded-Proto as origin protocol if present
When using a haproxy with SSL termination to provide secure console
connections, haproxy will change the Origin header scheme to 'http'
and add the 'X-Forwarded-Proto: https' header. This causes a failure
in the Nova console proxy code which verifies that the Origin header
scheme matches the access_url scheme for the connection, because the
Origin header coming from haproxy is 'http' while the access_url
scheme is 'https' or 'wss'.
This looks for the X-Forwarded-Proto header and uses its scheme for
the verification instead, if it is present.
Closes-Bug: #1788180
Change-Id: I43401dc8368853 654bf443273a0a1 b5b9b63e3f0