diff --git a/ooi/tests/unit/test_wsgi.py b/ooi/tests/unit/test_wsgi.py index 423ef98..b00ac76 100644 --- a/ooi/tests/unit/test_wsgi.py +++ b/ooi/tests/unit/test_wsgi.py @@ -16,6 +16,7 @@ import webob import webob.dec import webob.exc +from ooi import config from ooi.tests import base from ooi import wsgi @@ -160,6 +161,12 @@ class TestMiddleware(base.TestCase): result = req.get_response(self.app) self.assertEqual(404, result.status_code) + def test_ssl_middleware(self): + config.cfg.CONF.set_override('ooi_secure_proxy_ssl_header', 'bar') + request = wsgi.Request.blank("/foos", method="GET", + environ={'bar': 'baz'}) + self.assertEqual('baz', request.environ['wsgi.url_scheme']) + class TestOCCIMiddleware(base.TestCase): def setUp(self): diff --git a/ooi/wsgi/__init__.py b/ooi/wsgi/__init__.py index be1055d..14451f6 100644 --- a/ooi/wsgi/__init__.py +++ b/ooi/wsgi/__init__.py @@ -48,6 +48,12 @@ occi_opts = [ help='Number of workers for OCCI (ooi) API service. ' 'The default will be equal to the number of CPUs ' 'available.'), + config.cfg.StrOpt('ooi_secure_proxy_ssl_header', + default=None, + help='The HTTP header used to determine the scheme ' + 'for the original request, even if it was ' + 'removed by an SSL terminating proxy. Typical ' + 'value is "HTTP_X_FORWARDED_PROTO".'), # NEUTRON config.cfg.StrOpt('neutron_ooi_endpoint', default=None, @@ -60,6 +66,13 @@ CONF.register_opts(occi_opts) class Request(webob.Request): + def __init__(self, environ, *args, **kwargs): + if CONF.ooi_secure_proxy_ssl_header: + scheme = environ.get(CONF.ooi_secure_proxy_ssl_header) + if scheme: + environ['wsgi.url_scheme'] = scheme + super(Request, self).__init__(environ, *args, **kwargs) + def should_have_body(self): return self.method in ("POST", "PUT")