From ae0dc30c0a428e53d77bd00484aac5663a2856b5 Mon Sep 17 00:00:00 2001 From: ericandrewmeadows Date: Wed, 4 Sep 2019 10:21:13 -0700 Subject: [PATCH] Fix to Werkzeug ProxyFix; expose ProxyFix configuration items (#8117) * Fix to werkzeug proxy; expose additional configuration items * Forced to all x-forwarded configurations ON; black done * added comments related to x_port after testing * Updated UPDATING.md * Removed accidental notebook; added *.ipynb to gitignore * Delete Untitled-checkpoint.ipynb --- .gitignore | 1 + UPDATING.md | 5 +++++ setup.py | 2 +- superset/__init__.py | 5 +++-- superset/config.py | 4 +++- 5 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index ad106b34fa1ad..ab5126af5d5e3 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # +*.ipynb *.bak *.db *.pyc diff --git a/UPDATING.md b/UPDATING.md index 9fc0c356d4505..654eb914b3b02 100644 --- a/UPDATING.md +++ b/UPDATING.md @@ -23,6 +23,11 @@ assists people when migrating to a new version. ## Next Version +* [8117](https://github.com/apache/incubator-superset/pull/8117): If you are +using `ENABLE_PROXY_FIX = True`, review the newly-introducted variable, +`PROXY_FIX_CONFIG`, which changes the proxy behavior in accordance with +[Werkzeug](https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/) + * [8069](https://github.com/apache/incubator-superset/pull/8069): introduces [MessagePack](https://github.com/msgpack/msgpack-python) and [PyArrow](https://arrow.apache.org/docs/python/) for async query results diff --git a/setup.py b/setup.py index 7bcc48640153c..5a17843d6ac93 100644 --- a/setup.py +++ b/setup.py @@ -73,7 +73,7 @@ def get_git_sha(): "contextlib2", "croniter>=0.3.28", "cryptography>=2.4.2", - "flask>=1.0.0, <2.0.0", + "flask>=1.1.0, <2.0.0", "flask-appbuilder>=2.1.9, <2.3.0", "flask-caching", "flask-compress", diff --git a/superset/__init__.py b/superset/__init__.py index d841bcf378b75..8481d2a684a16 100644 --- a/superset/__init__.py +++ b/superset/__init__.py @@ -28,7 +28,6 @@ from flask_migrate import Migrate from flask_talisman import Talisman from flask_wtf.csrf import CSRFProtect -from werkzeug.contrib.fixers import ProxyFix import wtforms_json from superset import config @@ -139,7 +138,9 @@ def get_manifest(): CORS(app, **app.config.get("CORS_OPTIONS")) if app.config.get("ENABLE_PROXY_FIX"): - app.wsgi_app = ProxyFix(app.wsgi_app) + from werkzeug.middleware.proxy_fix import ProxyFix + + app.wsgi_app = ProxyFix(app.wsgi_app, **app.config.get("PROXY_FIX_CONFIG")) if app.config.get("ENABLE_CHUNK_ENCODING"): diff --git a/superset/config.py b/superset/config.py index e0fb649f19c80..782cdcbf0512d 100644 --- a/superset/config.py +++ b/superset/config.py @@ -123,8 +123,10 @@ # and it's more secure to turn it off in production settings. SHOW_STACKTRACE = True -# Extract and use X-Forwarded-For/X-Forwarded-Proto headers? +# Use all X-Forwarded headers when ENABLE_PROXY_FIX is True. +# When proxying to a different port, set "x_port" to 0 to avoid downstream issues. ENABLE_PROXY_FIX = False +PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefix": 1} # ------------------------------ # GLOBALS FOR APP Builder