Permalink
Browse files

Add an option to allow cross server redirects

  • Loading branch information...
1 parent b926c28 commit c611a8f2c33607162b162e52b465755ea16d22b2 @oldpatricka oldpatricka committed Aug 20, 2012
@@ -34,6 +34,12 @@ http: false
# This allows you to authenticate with the server with an x509 credential.
https: false
+# Set this to 'true' to allow cross server redirects from https.
+# You might want this to be false if you have a very strict whitelist and
+# do not trust your https servers to not redirect to a server that isn't on
+# the whitelist
+https-cross-server-redirect: true
+
# Hadoop Distributed File System (hdfs)
# Make this point to the hadoop executable of your install. Environment
# variables of the form $var and ${var} will be expanded if possible.
@@ -13,6 +13,11 @@ class propadapter(PropagationAdapter):
def __init__(self, params, common):
PropagationAdapter.__init__(self, params, common)
+ allow_xserver = self.p.get_conf_or_none('propagation', 'https-cross-server-redirect')
+ if allow_xserver.strip().lower() == "true":
+ self.allow_xserver_redirect = True
+ else:
+ self.allow_xserver_redirect = False
def validate(self):
self.c.log.debug("validating https propagation adapter")
@@ -182,7 +187,7 @@ def _get_handle_redirects(self, connection, path):
host = host_port[0]
redirect_path = url[2] + "?" + url[4]
- if host != connection.host:
+ if host != connection.host and not self.allow_xserver_redirect:
errmsg = "Cannot follow cross-server redirect from %s to %s" % (connection.host, host)
self.c.log.error(errmsg)
raise UnexpectedError(errmsg)

0 comments on commit c611a8f

Please sign in to comment.