Allow Cross Server Redirects in https staging #114

Closed
oldpatricka opened this Issue Aug 16, 2012 · 2 comments

1 participant

@oldpatricka
Nimbus member

This is disabled right here: https://github.com/nimbusproject/nimbus/blob/master/control/src/python/workspacecontrol/defaults/imageprocurement/propagate_https.py#L185

I don't see any reason we shouldn't allow this. Does anyone have any objections?

@oldpatricka
Nimbus member

As discussed on Campfire, the solution to this will be:

  • Print a warning when a cross-server redirect is followed
  • Add an option to disable cross server redirects
  • Add a warning in the whitelist section of global-policy.conf that redirects can be followed.
@oldpatricka oldpatricka was assigned Aug 17, 2012
@oldpatricka
Nimbus member

This issue is fixed in c611a8f (and 2652487, sigh)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment