Skip to content

Commit

Permalink
Fix to Werkzeug ProxyFix; expose ProxyFix configuration items (#8117)
Browse files Browse the repository at this point in the history
* Fix to werkzeug proxy; expose additional configuration items

* Forced to all x-forwarded configurations ON; black done

* added comments related to x_port after testing

* Updated UPDATING.md

* Removed accidental notebook; added *.ipynb to gitignore

* Delete Untitled-checkpoint.ipynb
  • Loading branch information
ericandrewmeadows authored and mistercrunch committed Sep 4, 2019
1 parent 650de93 commit ae0dc30
Show file tree
Hide file tree
Showing 5 changed files with 13 additions and 4 deletions.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
*.ipynb
*.bak
*.db
*.pyc
Expand Down
5 changes: 5 additions & 0 deletions UPDATING.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,11 @@ assists people when migrating to a new version.

## Next Version

* [8117](https://github.com/apache/incubator-superset/pull/8117): If you are
using `ENABLE_PROXY_FIX = True`, review the newly-introducted variable,
`PROXY_FIX_CONFIG`, which changes the proxy behavior in accordance with
[Werkzeug](https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/)

* [8069](https://github.com/apache/incubator-superset/pull/8069): introduces
[MessagePack](https://github.com/msgpack/msgpack-python) and
[PyArrow](https://arrow.apache.org/docs/python/) for async query results
Expand Down
2 changes: 1 addition & 1 deletion setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ def get_git_sha():
"contextlib2",
"croniter>=0.3.28",
"cryptography>=2.4.2",
"flask>=1.0.0, <2.0.0",
"flask>=1.1.0, <2.0.0",
"flask-appbuilder>=2.1.9, <2.3.0",
"flask-caching",
"flask-compress",
Expand Down
5 changes: 3 additions & 2 deletions superset/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@
from flask_migrate import Migrate
from flask_talisman import Talisman
from flask_wtf.csrf import CSRFProtect
from werkzeug.contrib.fixers import ProxyFix
import wtforms_json

from superset import config
Expand Down Expand Up @@ -139,7 +138,9 @@ def get_manifest():
CORS(app, **app.config.get("CORS_OPTIONS"))

if app.config.get("ENABLE_PROXY_FIX"):
app.wsgi_app = ProxyFix(app.wsgi_app)
from werkzeug.middleware.proxy_fix import ProxyFix

app.wsgi_app = ProxyFix(app.wsgi_app, **app.config.get("PROXY_FIX_CONFIG"))

if app.config.get("ENABLE_CHUNK_ENCODING"):

Expand Down
4 changes: 3 additions & 1 deletion superset/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -123,8 +123,10 @@
# and it's more secure to turn it off in production settings.
SHOW_STACKTRACE = True

# Extract and use X-Forwarded-For/X-Forwarded-Proto headers?
# Use all X-Forwarded headers when ENABLE_PROXY_FIX is True.
# When proxying to a different port, set "x_port" to 0 to avoid downstream issues.
ENABLE_PROXY_FIX = False
PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefix": 1}

# ------------------------------
# GLOBALS FOR APP Builder
Expand Down

0 comments on commit ae0dc30

Please sign in to comment.