Bug 1249496
Summary: | "Submit job" button redirects to 'http' URL when it should be 'https' URL | ||
---|---|---|---|
Product: | [Retired] Beaker | Reporter: | Jun'ichi NOMURA <junichi.nomura> |
Component: | web UI | Assignee: | Dan Callaghan <dcallagh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | tools-bugs <tools-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 20 | CC: | dcallagh, dowang, mjia, rjoost |
Target Milestone: | 21.1 | Keywords: | Patch, Regression |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-10-21 03:25:32 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jun'ichi NOMURA
2015-08-03 08:00:37 UTC
I think the problem is that we are relying on Flask to convert the Location header to absolute URLs in these cases, and it isn't aware of the TurboGears config. I expect it will use the URL scheme from wsgi.url_scheme which will be set to 'http' if mod_wsgi thinks it is serving the application over HTTP, which is what happens if you serve the application over HTTP with a reverse proxy in front doing SSL termination... This is only reproducible if: * the server is configured to use HTTPS (tg.url_scheme="https" in /etc/beaker/server.cfg) * the redirect to HTTPS is not enabled (RewriteCond and RewriteRule in /etc/httpd/conf.d/beaker-server.conf not uncommented) * the application is accessed over HTTP, or there is an SSL-terminating reverse proxy which accesses the application over HTTP None of our environments have this configuration which is why we haven't spotted the problem before. This bug fix is included in beaker-server-21.1-0.git.3.58733b1.el6eng, which is currently available for download here: https://beaker-project.org/nightlies/release-21/RedHatEnterpriseLinux6/ Beaker 21.1 has been released. |