Should be fixed as of revno 4261 (revid
[email protected]). Could those who've had
problems with this try it out?

* When running behind an Apache-type proxy (which doesn't correctly
reset the Host header but does set X-Forwarded-Host instead), enable
tools.proxy (uncomment `tools.proxy.on = True` in the Openerp-Web config
file)

* When running behind a more flexible proxy (e.g. nginx) which allows
you to reset the Host header (e.g. `proxy_set_header    Host $host;` in
nginx), set it and *do not* enable tools.proxy

Summary of changes: CherryPy already provides the tools to transparently
manage this issue (without having to check for `tools.proxy` manually)
in `request.base` but we were not using it, and were accessing the Host
header directly instead.

** Changed in: openobject-client-web
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/690514

Title:
  [trunk] CSRF check in 4091 breaks mod_proxy

Status in OpenObject Web Client:
  Fix Released

Bug description:
  The CSRF check won't work in most cases with mod_proxy - the host/ref is
  going to be different (e.g. 127.0.0.1)
  Likely better way to do it is using a token/hidden field... I'd provide a patch
  but I haven't worked much with the web client yet.
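
The proxy guidance above, as an added example that is not part of the original bug report or of the OpenERP or CherryPy code: a simplified model of a Referer-based CSRF check against a base URL taken either from `Host` or from `X-Forwarded-Host`. The function names, host names and header values are constructed for illustration.

```python
from urllib.parse import urlsplit


def request_base(headers, scheme="http", proxy_on=False):
    """Simplified model of how the application's public base URL is chosen.

    proxy_on=False: the base comes from the Host header.
    proxy_on=True:  the base comes from X-Forwarded-Host when present
                    (first value if several proxies are chained).
    """
    host = headers.get("Host", "")
    if proxy_on:
        forwarded = headers.get("X-Forwarded-Host", "")
        if forwarded:
            host = forwarded.split(",")[0].strip()
    return f"{scheme}://{host}"


def referer_is_same_site(referer, base):
    """Referer-style CSRF check: scheme and host[:port] must equal the base."""
    if not referer:
        return False
    r, b = urlsplit(referer), urlsplit(base)
    return (r.scheme, r.netloc.lower()) == (b.scheme, b.netloc.lower())


# Constructed sample data: what the backend sees for the same browser request.
REFERER = "http://erp.example.com/openerp/form/view"
# Apache-type proxy: Host is the backend address, public name is forwarded.
APACHE = {"Host": "127.0.0.1:8080", "X-Forwarded-Host": "erp.example.com"}
# nginx with `proxy_set_header Host $host;`: Host is already the public name.
NGINX = {"Host": "erp.example.com"}
# Same nginx setup, but an X-Forwarded-Host the proxy never set reaches the app.
NGINX_PASSTHROUGH = {"Host": "erp.example.com",
                     "X-Forwarded-Host": "other.example.net"}


def check(headers, proxy_on):
    """Return True when the legitimate form post passes the check."""
    return referer_is_same_site(REFERER, request_base(headers, proxy_on=proxy_on))


if __name__ == "__main__":
    for name, hdrs, on in [("apache, proxy off", APACHE, False),
                           ("apache, proxy on", APACHE, True),
                           ("nginx, proxy off", NGINX, False),
                           ("nginx passthrough, proxy on", NGINX_PASSTHROUGH, True)]:
        print(f"{name:30} base={request_base(hdrs, proxy_on=on):28} ok={check(hdrs, on)}")
```

The last case is why the proxy setting stays off when the proxy already resets `Host`: with it on, the base is taken from a header the proxy did not set.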


