OpenStack Compute (nova)

  1. Series rocky
  2. Bug #1788180
  3. Comment #3

Comment 3 for bug 1788180

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/631103
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=890e2d320e8e8e7b501af8e21cc6b751fb204d04
Submitter: Zuul
Branch: master

commit 890e2d320e8e8e7b501af8e21cc6b751fb204d04
Author: melanie witt <email address hidden>
Date: Wed Jan 16 00:27:42 2019 +0000

    Use X-Forwarded-Proto as origin protocol if present

    When using a haproxy with SSL termination to provide secure console
    connections, haproxy will change the Origin header scheme to 'http'
    and add the 'X-Forwarded-Proto: https' header. This causes a failure
    in the Nova console proxy code which verifies that the Origin header
    scheme matches the access_url scheme for the connection, because the
    Origin header coming from haproxy is 'http' while the access_url
    scheme is 'https' or 'wss'.

    This looks for the X-Forwarded-Proto header and uses its scheme for
    the verification instead, if it is present.

    Closes-Bug: #1788180

    Change-Id: I43401dc8368853654bf443273a0a1b5b9b63e3f0