Bug #4286

Apache rewrites headers when importing vcenter clusters

Added by OpenNebula Systems Support Team over 5 years ago. Updated over 4 years ago.

Status:ClosedStart date:01/12/2016
Priority:NormalDue date:
Assignee:Tino Vázquez% Done:

100%

Category:vCenter
Target version:Release 5.2
Resolution:fixed Pull request:
Affected Versions:OpenNebula 5.0

Description

Sunstone expects HTTP_X_VCENTER_* but instead gets X_VCENTER_*.

check Apache configuration

Associated revisions

Revision 960e7d1b
Added by Tino Vázquez almost 5 years ago

Bug #4286: Accepting both HTTP_X and X header naming convention

Revision 85d265ca
Added by Tino Vázquez over 4 years ago

Bug #4286: Renamed vCenter headers to avoid web server dropping

History

#1 Updated by Javi Fontan over 5 years ago

From Apache Documentation (http://httpd.apache.org/docs/trunk/new_features_2_4.html):

Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. Environment Variables in Apache has some pointers on how to work around broken legacy clients which require such headers. (This affects all modules which use these environment variables.)

Configuration workaround in this link:

http://httpd.apache.org/docs/trunk/env.html#fixheader

For 5.0 is better to fix header names.

#2 Updated by Ruben S. Montero about 5 years ago

  • Category set to vCenter

#3 Updated by Tino Vázquez almost 5 years ago

  • Status changed from Pending to Closed
  • Assignee set to Tino Vázquez
  • % Done changed from 0 to 100
  • Resolution set to fixed

No both naming conventions are accepted

#4 Updated by Jaime Melis almost 5 years ago

  • Status changed from Closed to New
  • Target version deleted (Release 5.0)
  • Resolution deleted (fixed)
  • Affected Versions OpenNebula 5.0 added

Underscore is not allowed, these variables should be changed to HTTP-X-VCENTER-*

#5 Updated by Jaime Melis almost 5 years ago

  • Target version set to Release 5.2

#6 Updated by Tino Vázquez over 4 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Also available in: Atom PDF