Skip to content
This repository
Browse code

Add an option to allow cross server redirects

  • Loading branch information...
commit c611a8f2c33607162b162e52b465755ea16d22b2 1 parent b926c28
Patrick Armstrong authored
6  control/etc/workspace-control/propagation.conf
@@ -34,6 +34,12 @@ http: false
34 34
 # This allows you to authenticate with the server with an x509 credential.
35 35
 https: false
36 36
 
  37
+# Set this to 'true' to allow cross server redirects from https.
  38
+# You might want this to be false if you have a very strict whitelist and 
  39
+# do not trust your https servers to not redirect to a server that isn't on
  40
+# the whitelist
  41
+https-cross-server-redirect: true
  42
+
37 43
 # Hadoop Distributed File System (hdfs)
38 44
 # Make this point to the hadoop executable of your install.  Environment
39 45
 # variables of the form $var and ${var} will be expanded if possible.
7  control/src/python/workspacecontrol/defaults/imageprocurement/propagate_https.py
@@ -13,6 +13,11 @@ class propadapter(PropagationAdapter):
13 13
 
14 14
     def __init__(self, params, common):
15 15
         PropagationAdapter.__init__(self, params, common)
  16
+        allow_xserver = self.p.get_conf_or_none('propagation', 'https-cross-server-redirect')
  17
+        if allow_xserver.strip().lower() == "true":
  18
+            self.allow_xserver_redirect = True
  19
+        else:
  20
+            self.allow_xserver_redirect = False
16 21
 
17 22
     def validate(self):
18 23
         self.c.log.debug("validating https propagation adapter")
@@ -182,7 +187,7 @@ def _get_handle_redirects(self, connection, path):
182 187
             host = host_port[0]
183 188
             redirect_path = url[2] + "?" + url[4]
184 189
 
185  
-            if host != connection.host:
  190
+            if host != connection.host and not self.allow_xserver_redirect:
186 191
                 errmsg = "Cannot follow cross-server redirect from %s to %s" % (connection.host, host)
187 192
                 self.c.log.error(errmsg)
188 193
                 raise UnexpectedError(errmsg)

0 notes on commit c611a8f

Please sign in to comment.
Something went wrong with that request. Please try again.