Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improper handling of ASGI scope when SSL termination is used before the ASGI server #445

Open
RobertoPrevato opened this issue Dec 11, 2023 · 1 comment
Open

Improper handling of ASGI scope when SSL termination is used before the ASGI server #445

RobertoPrevato opened this issue Dec 11, 2023 · 1 comment

Comments

@RobertoPrevato
Copy link
Member

RobertoPrevato commented Dec 11, 2023
edited

Describe the bug
If uvicorn or another ASGI server is handling requests under a proxy server that does SSL termination, the method get_absolute_url_to_path returns a URL over http://, which is not correct and especially not correct in the context of the OpenID Connect integration where HTTPS in always usedm in practice.
@RobertoPrevato
Copy link
Member Author

Maybe it is sufficient to run uvicorn with --proxy-headers option https://www.uvicorn.org/deployment/#running-behind-nginx

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@RobertoPrevato