Odoo Web (MOVED TO GITHUB)

Bad initial URL redirection behind reverse proxy (for SSL purposes)

Bug #1166476 reported by Pedro Manuel Baeza
26
This bug affects 6 people
Affects Status Importance Assigned to Milestone
Odoo Web (MOVED TO GITHUB)
Confirmed
Undecided
Unassigned

Bug Description

In version 7.0, when you hide an OpenERP server behind a reverse proxy, for accessing it you type an URL like this:

https://openerp-server.com

With new functionality added in revision 3837, there is an initial redirection, adding a parameter ?db= with the name of the database. If you aren't behind a reverse proxy, there's no problem with this redirection, but in the other case, redirection happens to (following the example):

http://openerp-server.com/?db=database

What makes that it doesn't work if you have forbidden traffic on unsecured ports (or you don't have any redirections on port 80) or use unsecured connections in any other case (what is not the desired behaviour).

Forcing in the URL typed the db parameter, it doesn't happen, and this only happens in the initial redirection, but not when you toggle the database in the upper right corner.

Conflicting code is located on addons/web/controllers/main.py, on line 572 (well, the function that is called in this line indeed).

Revision history for this message
Cats&Dogs (catsanddogs) wrote :

I second this, we have the same issue

Revision history for this message
Brian Taber (btaber) wrote :

Is there a workaround to this really annoying issue?

Revision history for this message
Pedro Manuel Baeza (pedro.baeza) wrote :

It seems that at least for now, commenting out lines:

        if redir:
            return redirect_with_hash(req, redir)

in the mentioned file (addons/web/controllers/main.py), works.

Regards.

Revision history for this message
Xavier (Open ERP) (xmo-deactivatedaccount) wrote :

Is the openerp server correctly started in proxy mode (--proxy-mode on the command line) to enable awareness of reverse proxy and correct usage of proxy headers?

Changed in openerp-web:
status: New → Incomplete
Revision history for this message
Pedro Manuel Baeza (pedro.baeza) wrote :

Hi, Xavier,

Sorry for the late reply, but I have no time to check what you were proposing. After checking it, the problem remains. It means that the issue happened with the inclusion of the DB name as parameter in the URL, but nothing with the proxy.

For now, the only solution is still commenting that lines.

Thank you.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for OpenERP Web because there has been no activity for 60 days.]

Changed in openerp-web:
status: Incomplete → Expired
Revision history for this message
Pedro Manuel Baeza (pedro.baeza) wrote :

I'm confirming again the bug, because it's still there.

Regards.

Changed in openerp-web:
status: Expired → Confirmed
Revision history for this message
Florent THOMAS (mailinglist) wrote :

I'm also concerned by this point.
I tried many conf with certs, proxy mode in conf file etc...
Same problem

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.