[ARVADOS] created: 1.3.0-1853-g7fa9f0a6c
Git user
git at public.curoverse.com
Tue Nov 12 20:24:15 UTC 2019
at 7fa9f0a6c04d820392da5fe2f74c0a7a422c0ce1 (commit)
commit 7fa9f0a6c04d820392da5fe2f74c0a7a422c0ce1
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date: Tue Nov 12 15:22:57 2019 -0500
15107: Fix redirect target rewriting.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>
diff --git a/lib/controller/railsproxy/railsproxy.go b/lib/controller/railsproxy/railsproxy.go
index 54257cffc..5c8afbe59 100644
--- a/lib/controller/railsproxy/railsproxy.go
+++ b/lib/controller/railsproxy/railsproxy.go
@@ -39,9 +39,10 @@ func NewConn(cluster *arvados.Cluster) *rpc.Conn {
panic(err)
}
conn := rpc.NewConn(cluster.ClusterID, url, insecure, rpc.PassthroughTokenProvider)
- // If Rails is running with force_ssl=true, this
- // "X-Forwarded-Proto: https" header prevents it from
- // redirecting our internal request to an invalid https URL.
- conn.SendHeader = http.Header{"X-Forwarded-Proto": []string{"https"}}
+ // This "X-Forwarded-Proto: http" header prevents a plain-http
+ // Rails server from redirecting our internal requests (and
+ // rewriting internal redirect_to targets) to invalid https
+ // URLs.
+ conn.SendHeader = http.Header{"X-Forwarded-Proto": []string{url.Scheme}}
return conn
}
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list