Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-29597

Honor X-Forwarded-Proto In Redirects

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • None
    • ns_server

    Description

      When NS server is sat behind a load-balancer which is terminating SSL, a redirect will end up returning the wrong scheme, probably related to this bit of code here:

      https://github.com/couchbase/ns_server/blob/15f8f4629bf26cd43f0009eb58256ef9e894e02f/src/menelaus_util.erl#L159

      The load balancer should be operating in http mode, and inserting the X-Forwarded-Proto header which indicates the client is actually talking TLS.  In this case we need to return the https scheme if either the socket is TLS enabled, or the X-Forwarded-Proto header is set to https.

      This may be required elsewhere too...

      Attachments

        Activity

          People

            ajit.yagaty Ajit Yagaty [X] (Inactive)
            simon.murray Simon Murray
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              PagerDuty