Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove the 'X-Forwarded-Proto' line from the nginx config #308

Merged
merged 1 commit into from
Jun 5, 2020
Merged

Remove the 'X-Forwarded-Proto' line from the nginx config #308

merged 1 commit into from
Jun 5, 2020

Conversation

cimnine
Copy link
Collaborator

@cimnine cimnine commented Jun 2, 2020
edited
Loading

Related Issue: #292

New Behavior

nginx does not override X-Forwarded-Proto.

Contrast to Current Behavior

nginx does overwrite whatever header an upstream proxy has defined for X-Forwarded-Proto.

Discussion: Benefits and Drawbacks

The reason for this change is that in the default configuration nginx is only serving 'http' traffic.
So if an upstream proxy sets the 'X-Forwarded-Proto' header, because it is terminating
TLS, then nginx will overwrite it to 'http'. This will cause django to think the page
is served via 'http' and it will not create 'https://...' URLs.

Changes to the Wiki

n/a

Proposed Release Note Entry

Don't mangle with X-Forwarded-Proto header #308

Nginx will no longer set or overwrite the X-Forwarded-Proto header in the default configuration.
This was implemented, because in the default configuration it would set the header to http every time.
And this would overwrite the header of an upstream proxy which might set X-Forwarded-Proto to https, because it is terminating the TLS connection.

Double Check

  • I have read the comments and followed the PR template.
  • I have explained my PR according to the information in the comments.
  • My PR targets the develop branch.

@cimnine
Remove the 'X-Forwarded-Proto' line from the nginx config
5624ecc 
The reason is that in the default configuration nginx is only serving 'http' traffic.
So if an upstream proxy sets the 'X-Forwarded-Proto' header, because it is terminating
TLS, then nginx will overwrite it to 'http'. This will cause django to think the page
is served via 'http' and it will not create 'https://...' URLs.

Related to #292
@cimnine cimnine added the bug This issue describes a confirmed bug. label Jun 2, 2020
@cimnine cimnine added this to the 0.25.0 milestone Jun 2, 2020
@cimnine cimnine requested a review from tobiasge June 2, 2020 14:13
@cimnine cimnine merged commit 688672d into develop Jun 5, 2020
@cimnine cimnine deleted the XForwardedProto branch June 5, 2020 09:57
@tobiasge tobiasge mentioned this pull request Sep 1, 2020
Merged
@cimnine cimnine mentioned this pull request Dec 15, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tobiasge tobiasge tobiasge approved these changes

Assignees
No one assigned
Labels
bug This issue describes a confirmed bug.
Projects
None yet
Milestone
0.25.0
Development

Successfully merging this pull request may close these issues.
2 participants
@cimnine @tobiasge