File 0002-Handle-URL-reconstruction-in-PEP333-compatible-fashi.patch of Package openstack-barbican
From 6e474218c5713ef0bba0f4c1bb5f9a0331989814 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dirk@dmllr.de>
Date: Mon, 29 Jan 2018 12:38:34 +0100
Subject: [PATCH 2/2] Handle URL reconstruction in PEP333 compatible fashion
The Pecan url in wsgi forward scenarios is not correct, as
it does not handle the extra headers injected by the forwarding
handler. Improve this to properly detect the https case in
case the loadbalancer terminates SSL as well and always return
the original's request HOST for consistency.
Change-Id: I3a208abbc6134d1c7be245d35eb4564ef886bd9b
(cherry picked from commit 43393eb514f3f15d4bdce26abb13920c1db96fa6)
---
barbican/common/utils.py | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/barbican/common/utils.py b/barbican/common/utils.py
index 775b5ad6..7cd98a1d 100644
--- a/barbican/common/utils.py
+++ b/barbican/common/utils.py
@@ -78,10 +78,17 @@ def get_base_url_from_request():
"""
if not CONF.host_href and hasattr(pecan.request, 'url'):
p_url = parse.urlsplit(pecan.request.url)
+ # Pecan does not handle X_FORWARDED_PROTO yet, so we need to
+ # handle it ourselves. see lp#1445290
+ scheme = pecan.request.environ.get('HTTP_X_FORWARDED_PROTO', 'http')
+ # Pecan does not handle url reconstruction according to
+ # https://www.python.org/dev/peps/pep-0333/#url-reconstruction
+ netloc = pecan.request.environ.get('HTTP_HOST', p_url.netloc)
+ # FIXME: implement SERVER_NAME lookup if HTTP_HOST is not set
if p_url.path:
- base_url = '%s://%s%s' % (p_url.scheme, p_url.netloc, p_url.path)
+ base_url = '%s://%s%s' % (scheme, netloc, p_url.path)
else:
- base_url = '%s://%s' % (p_url.scheme, p_url.netloc)
+ base_url = '%s://%s' % (scheme, netloc)
return base_url
else: # when host_href is set or flow is not within wsgi request context
return CONF.host_href
--
2.15.1
