Public bug reported:

pastedeploy has a feature to auto-create urls when it is served behind a
proxy. Urls are created using the X-Forwarded-*. In hardy version the
urls are crafted using the X-Forwarded-Server which was wrong as this is
the hostname of the server and not the host that the client request.
This can leaded to creating URLs using lan host names rather than the
actual public host that the proxy is listing to. The problem has been
described by a user in their mailing list in the past
http://pythonpaste.org/archives/message/20070813.221354.d0a58db6.ca.html
#paste-users

This was fixed in later versions.
In 1.3.2, the one included in 8.10 and 9.04, it just give more priority to 
X-Forwarded-Host than X-Forwarded-Server header.
In 1.3.3, the one included in Karmic, it is properly fixed and even supports 
different schemes using the X-Forwarded-Scheme.

As this is a blocking bug to deploy loggerhead behind apache's reverse
proxy using ssl, I would love to see an upstream update rather than
using custom hack.

The patch that I am attaching was exported by a simple diff on config.py
from 1.3.1 to 1.3.3. The patch requires no extra change on other files.

** Affects: pastedeploy (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Backport X-Forwarded-* header parsing bugfix.
https://bugs.launchpad.net/bugs/439554
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to