Skip to content

slapos
slapos
Commit 6c80353c authored by Łukasz Nowak's avatar Łukasz Nowak
Browse files
Options

caddy-frontend: Avoid implementation of wrong feature 

Removing 'secure' from cookie send by backend is plain wrong.
parent 949ccb69
Hide whitespace changes
Inline Side-by-side
Showing with 1 addition and 9 deletions
software/caddy-frontend/README.caddy_frontend.rst
View file @ 6c80353c
...@@ -355,9 +355,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be:: ...@@ -355,9 +355,6 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
ProxyTimeout 600 ProxyTimeout 600
RewriteEngine On RewriteEngine On
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
# Not using HTTPS? Ask that guy over there. # Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens # Dummy redirection to https. Note: will work only if https listens
# on standard port (443). # on standard port (443).
...@@ -432,8 +429,6 @@ the proxy:: ...@@ -432,8 +429,6 @@ the proxy::
LogLevel info LogLevel info
LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
CustomLog "%(access_log)s" combined CustomLog "%(access_log)s" combined
# Remove "Secure" from cookies, as backend may be https
Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
# Not using HTTPS? Ask that guy over there. # Not using HTTPS? Ask that guy over there.
# Dummy redirection to https. Note: will work only if https listens # Dummy redirection to https. Note: will work only if https listens
# on standard port (443). # on standard port (443).
......
software/caddy-frontend/buildout.hash.cfg
View file @ 6c80353c
...@@ -50,7 +50,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -50,7 +50,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 113d1708520bca2ebbd72d84b440c37b md5sum = 9568465d1c1423343f7b043c8345f917
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
......
software/caddy-frontend/templates/default-virtualhost.conf.in
View file @ 6c80353c
...@@ -129,9 +129,6 @@ ...@@ -129,9 +129,6 @@
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
# TODO-Caddy # Remove "Secure" from cookies, as backend may be https
# TODO-Caddy Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
{%- for disabled_cookie in disabled_cookie_list %} {%- for disabled_cookie in disabled_cookie_list %}
# TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }} # TODO-Caddy {{' RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
{% endfor -%} {% endfor -%}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7