http_proxy_to_wsgi middleware shouldn't be disabled by default
Bug #1590635 reported by
Jamie Lennox
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Security Guide Documentation |
New
|
Undecided
|
Unassigned | ||
oslo.middleware |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
The http-proxy-to-wsgi middleware has a config option enable_
For anyone behind a load balancer we will always want to have the Forwarded values set in the request, for anyone not behind a load balancer the cost of the code is two environment lookups (so, negligible) and being middleware anyone that is really desperate to not suffer those two dict lookups can simply remove it from their pipeline.
We should deprecate the enable_
To post a comment you must log in.
I agree!
https:/ /git.openstack. org/cgit/ openstack/ oslo.middleware /commit/ ?id=f62c3a74c07 238d91efb17e9ac 64373f08894490 explains it is disabled by default for security reasons. The rationale seems to be: headers are supposed to be saner behind a reverse proxy, so the risk of malformed malicious headers is lower. This rationale is valid in case of a security vulnerability in the parsing code.
On the other hand, keeping this option disabled by default means that almost all OpenStack deployments (because almost all of them use a reverse proxy in front of the APIs) need to set that option for all the OpenStack services using oslo.middleware.
So I guess there is a decision to make here. My opinion is that should ease the life of deployers with sensible defaults.