diff options
| author | Dan Prince <dprince@redhat.com> | 2014-05-06 15:14:34 -0400 |
|---|---|---|
| committer | Dan Prince <dprince@redhat.com> | 2014-05-06 15:17:47 -0400 |
| commit | 19686f09107cd9b13f017a41dfcee1ceba35c864 (patch) | |
| tree | 0c3c6072f04fb7e1ecfde7c4197606b5f4e94085 /etc | |
| parent | c86655b517723e5b9f9592f71ba1d398a699fae8 (diff) | |
| download | heat-19686f09107cd9b13f017a41dfcee1ceba35c864.tar.gz | |
Revert "Support ... x-forwarded-for header"
This reverts commit e3679217d1d4b1821f4fa0bd9894b761edfe4ba9.
This commit broke using the heat API when client requests were
behind a proxy (this sets the X-Forwarded-For header)
and effectively causes the heat-api to return the clients
IP address back in the request via the location header.
I believe the original (unapproved) heat blueprint for
this feature should have used X-Forwarded-Host instead.
Closes-bug: #1316754
Change-Id: I1b38ececf59545a3c13c7ebf2c33be97f4332ac0
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/heat/api-paste.ini | 14 | ||||
| -rw-r--r-- | etc/heat/heat.conf.sample | 9 |
2 files changed, 5 insertions, 18 deletions
diff --git a/etc/heat/api-paste.ini b/etc/heat/api-paste.ini index 13af43cfc..bd5af18a4 100644 --- a/etc/heat/api-paste.ini +++ b/etc/heat/api-paste.ini @@ -1,7 +1,7 @@ # heat-api pipeline [pipeline:heat-api] -pipeline = faultwrap ssl xforwardedfor versionnegotiation authurl authtoken context apiv1app +pipeline = faultwrap ssl versionnegotiation authurl authtoken context apiv1app # heat-api pipeline for standalone heat # ie. uses alternative auth backend that authenticates users against keystone @@ -12,7 +12,7 @@ pipeline = faultwrap ssl xforwardedfor versionnegotiation authurl authtoken cont # flavor = standalone # [pipeline:heat-api-standalone] -pipeline = faultwrap ssl xforwardedfor versionnegotiation authurl authpassword context apiv1app +pipeline = faultwrap ssl versionnegotiation authurl authpassword context apiv1app # heat-api pipeline for custom cloud backends # i.e. in heat.conf: @@ -20,7 +20,7 @@ pipeline = faultwrap ssl xforwardedfor versionnegotiation authurl authpassword c # flavor = custombackend # [pipeline:heat-api-custombackend] -pipeline = faultwrap xforwardedfor versionnegotiation context custombackendauth apiv1app +pipeline = faultwrap versionnegotiation context custombackendauth apiv1app # heat-api-cfn pipeline [pipeline:heat-api-cfn] @@ -33,12 +33,12 @@ pipeline = cfnversionnegotiation ec2authtoken context apicfnv1app # heat-api-cloudwatch pipeline [pipeline:heat-api-cloudwatch] -pipeline = xforwardedfor versionnegotiation ec2authtoken authtoken context apicwapp +pipeline = versionnegotiation ec2authtoken authtoken context apicwapp # heat-api-cloudwatch pipeline for standalone heat # relies exclusively on authenticating with ec2 signed requests [pipeline:heat-api-cloudwatch-standalone] -pipeline = xforwardedfor versionnegotiation ec2authtoken context apicwapp +pipeline = versionnegotiation ec2authtoken context apicwapp [app:apiv1app] paste.app_factory = heat.common.wsgi:app_factory @@ -52,10 +52,6 @@ heat.app_factory = heat.api.cfn.v1:API paste.app_factory = heat.common.wsgi:app_factory heat.app_factory = heat.api.cloudwatch:API -[filter:xforwardedfor] -paste.filter_factory = heat.common.wsgi:filter_factory -heat.filter_factory = heat.api.openstack:x_forwarded_for_middleware_filter - [filter:versionnegotiation] paste.filter_factory = heat.common.wsgi:filter_factory heat.filter_factory = heat.api.openstack:version_negotiation_filter diff --git a/etc/heat/heat.conf.sample b/etc/heat/heat.conf.sample index d2ca0585d..d1d397328 100644 --- a/etc/heat/heat.conf.sample +++ b/etc/heat/heat.conf.sample @@ -11,15 +11,6 @@ # -# Options defined in heat.api.middleware.x_forwarded_for -# - -# The HTTP header that will be used as remote address. (string -# value) -#forward_header_name=X-Forwarded-For - - -# # Options defined in heat.common.config # |