[Server] Add option to handle header set by a proxy #8626
Assignees
Labels
A-Server
Area: Parsec Server
Comments
FirelightFlagboy
added a commit
that referenced
this issue
Oct 9, 2024
Add a new option that configure the list of trusted address to parse the proxy headers from.
The parsing is handled by `uvicorn` which currently only support `x-forwarded-{for,proto}` headers.
Closes #8626, closes #8427
Co-authored-by: Marcos Medrano <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this issue
Oct 10, 2024
Add a new option that configure the list of trusted address to parse the proxy headers from.
The parsing is handled by `uvicorn` which currently only support `x-forwarded-{for,proto}` headers.
Closes #8626, closes #8427
Co-authored-by: Marcos Medrano <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A Parsec server could be configured behind a reverse proxy (like apache or traefik).
But currently the server does not use the headers added by the proxy (
Forwarded-*orX-Forwarded-*).Important
The server should not use those headers by default, the sysadmin should explicitly enable the server to use those headers.
This could cause issue when the server generate link like for bootstrapping an organization where it only use the scheme of the request instead of looking for the forwarded header:
parsec-cloud/server/parsec/asgi/administration.py
Line 179 in 6a56633
We could take inspiration of
keycloakhas the optional option--proxy-headers {forwarded|xforwarded}The text was updated successfully, but these errors were encountered: