mirror of https://github.com/zulip/zulip.git
tornado: Fix Tornado CSRF check with X-Forwarded-Proto.
Since Django factors request.is_secure() into its CSRF check, we need this to tell it to consider requests forwarded from nginx to Tornado as secure. Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
parent
f992116d9f
commit
ce9ceb7f9f
|
@ -3,6 +3,7 @@ proxy_http_version 1.1;
|
||||||
# http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
|
# http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
|
||||||
proxy_set_header Connection "";
|
proxy_set_header Connection "";
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Real-Ip $remote_addr;
|
proxy_set_header X-Real-Ip $remote_addr;
|
||||||
proxy_next_upstream off;
|
proxy_next_upstream off;
|
||||||
|
|
|
@ -13,6 +13,8 @@ from tornado import autoreload
|
||||||
from tornado.platform.asyncio import AsyncIOMainLoop
|
from tornado.platform.asyncio import AsyncIOMainLoop
|
||||||
|
|
||||||
settings.RUNNING_INSIDE_TORNADO = True
|
settings.RUNNING_INSIDE_TORNADO = True
|
||||||
|
if settings.PRODUCTION:
|
||||||
|
settings.SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||||
|
|
||||||
from zerver.lib.async_utils import NoAutoCreateEventLoopPolicy
|
from zerver.lib.async_utils import NoAutoCreateEventLoopPolicy
|
||||||
from zerver.lib.debug import interactive_debug_listen
|
from zerver.lib.debug import interactive_debug_listen
|
||||||
|
|
Loading…
Reference in New Issue