Horizon HTTPS redirects are incorrect
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mirantis OpenStack | Confirmed | Low | Dmitry Ilyin | |
9.x | Fix Released | Low | Max Yatsenko | |
Bug Description
When SSL is enabled users are redirected from the HTTP URLs to the HTTPS ones.
* If a user tries to connect to the HTTP URL and tries to get "/" the HAProxy backend will send a redirect to the port 443 and "/" too.
* This connection is able to bypass the first redirection and makes its way through the HAProxy SSL termination to the Apache backend without SSL.
* The request is redirected again by the rule: "RedirectMatch permanent ^/$ /horizon" but is sent to the URL http://
* Then, this request again is bounced by the HAProxy backend to https:/
* Finally, this request is able to reach Horizon and is redirected to the login page.
* http://
* https:/
* http://
* https:/
* https:/
This chain of redirects will break if only the port 443 is opened or forwarded and the client is not able to connect when he is asked to go to http again, provided the first request was to the https:/
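The following check is an added example, not part of the original bug report or of the Fuel/MOS code. It parses response headers in the shape `curl -sI -L` prints, rebuilds the redirect chain, flags any hop that drops from https back to http, and reports where a client stalls when only port 443 is open. The host name `horizon.example.test`, the login path and the status codes are constructed placeholders.

```python
from urllib.parse import urljoin, urlsplit

# Constructed header dump, one block per hop, following the hop order in the
# bug description. Host, login path and status codes are placeholders.
SAMPLE = """\
HTTP/1.1 302 Found
Location: https://horizon.example.test/

HTTP/1.1 301 Moved Permanently
Location: http://horizon.example.test/horizon

HTTP/1.1 302 Found
Location: https://horizon.example.test/horizon

HTTP/1.1 302 Found
Location: https://horizon.example.test/horizon/auth/login/

HTTP/1.1 200 OK
"""

def redirect_chain(start_url, header_dump):
    """Return every URL visited, resolving each Location against the current URL."""
    chain = [start_url]
    for block in header_dump.strip().split("\n\n"):
        for line in block.splitlines()[1:]:  # skip the status line
            name, _, value = line.partition(":")
            if name.strip().lower() == "location":
                chain.append(urljoin(chain[-1], value.strip()))
    return chain

def downgrades(chain):
    """Hops where an https URL redirects to a plain-http URL."""
    return [(a, b) for a, b in zip(chain, chain[1:])
            if urlsplit(a).scheme == "https" and urlsplit(b).scheme == "http"]

def first_blocked(chain, open_ports):
    """First URL in the chain whose port the client cannot reach, or None."""
    for url in chain:
        parts = urlsplit(url)
        port = parts.port or {"http": 80, "https": 443}[parts.scheme]
        if port not in open_ports:
            return url
    return None

if __name__ == "__main__":
    chain = redirect_chain("http://horizon.example.test/", SAMPLE)
    print("\n".join(chain))
    print("downgrades:", downgrades(chain))
```

Running the same check against a fixed deployment should return an empty list from `downgrades()`, since every Location after the first https hop stays on https.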
Changed in fuel: | |
importance: | Undecided → Medium |
status: | New → Confirmed |
milestone: | none → 10.0 |
assignee: | nobody → Dmitry Ilyin (idv1985) |
tags: | added: 10.0-reviewed |
Changed in fuel: | |
importance: | Medium → Low |
affects: | fuel → mos |
Changed in mos: | |
milestone: | 10.0 → none |
Changed in mos: | |
milestone: | none → 9.x-updates |
tags: | added: customer-found |
Changed in mos: | |
milestone: | 9.x-updates → 10.0 |
tags: | added: on-verification |
(This check performed automatically)
Please, make sure that bug description contains the following sections filled in with the appropriate data related to the bug you are describing:
actual result
version
expected result
steps to reproduce
For more detailed information on the contents of each of the listed sections see https://wiki.openstack.org/wiki/Fuel/How_to_contribute#Here_is_how_you_file_a_bug