From 6ad6ca33e73686437098c3eec3d35efec0dd03ac Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Mon, 10 Oct 2016 09:46:14 +0300 Subject: [PATCH] Add http_proxy_to_wsgi middleware to Heat CFN endpoint This was already used in the API endpoint, but it's also needed in the CFN endpoint. It's purpose is to process the X-Forwarded-Proto header (or Proxy protocol if used) and set the protocol as directed to https if done so. It's only needed if Heat is behind a TLS proxy (such as HAProxy) and is also disabled by default. Change-Id: Ibd81e1cf6bc1e3f63728b485e295478afa7f573c Closes-Bug: #1590608 --- etc/heat/api-paste.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/heat/api-paste.ini b/etc/heat/api-paste.ini index 5ea89b5aee..b1068efd84 100644 --- a/etc/heat/api-paste.ini +++ b/etc/heat/api-paste.ini @@ -24,12 +24,12 @@ pipeline = cors request_id faultwrap versionnegotiation context custombackendaut # heat-api-cfn pipeline [pipeline:heat-api-cfn] -pipeline = cors cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app +pipeline = cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app # heat-api-cfn pipeline for standalone heat # relies exclusively on authenticating with ec2 signed requests [pipeline:heat-api-cfn-standalone] -pipeline = cors cfnversionnegotiation ec2authtoken context apicfnv1app +pipeline = cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app # heat-api-cloudwatch pipeline [pipeline:heat-api-cloudwatch]