From 018d3450082c60b010ec7ca052a5c219cad5e80d Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Sat, 14 Dec 2019 13:37:25 +0100
Subject: [PATCH] Add trust-x-forwarded-proto settings
---
 doc/admin/config.rst | 5 +++++
 doc/admin/installation/docker_smallscale.rst | 2 ++
 doc/admin/installation/manual_smallscale.rst | 2 ++
 src/pretix/settings.py | 3 +++
 4 files changed, 12 insertions(+)
diff --git a/doc/admin/config.rst b/doc/admin/config.rst
index 3c69c0827..a31954cdd 100644
--- a/doc/admin/config.rst
+++ b/doc/admin/config.rst
@@ -90,6 +90,11 @@ Example::
 proxy that actively removes and re-adds the header to make sure the correct client IP is the first value.
 Defaults to ``off``.
+``trust_x_forwarded_proto``
+ Specifies whether the ``X-Forwarded-Proto`` header can be trusted. Only set to ``on`` if you have a reverse
+ proxy that actively removes and re-adds the header to make sure the correct client IP is the first value.
+ Defaults to ``off``.
+
 Locale settings
 ---------------
diff --git a/doc/admin/installation/docker_smallscale.rst b/doc/admin/installation/docker_smallscale.rst
index baad6fb8d..c3f2847f0 100644
--- a/doc/admin/installation/docker_smallscale.rst
+++ b/doc/admin/installation/docker_smallscale.rst
@@ -125,6 +125,8 @@ Fill the configuration file ``/etc/pretix/pretix.cfg`` with the following conten
 ; DO NOT change the following value, it has to be set to the location of the
 ; directory *inside* the docker container
 datadir=/data
+ trust_x_forwarded_for=on
+ trust_x_forwarded_proto=on
 [database]
 ; Replace postgresql with mysql for MySQL
diff --git a/doc/admin/installation/manual_smallscale.rst b/doc/admin/installation/manual_smallscale.rst
index aeff2c66b..48c4f5856 100644
--- a/doc/admin/installation/manual_smallscale.rst
+++ b/doc/admin/installation/manual_smallscale.rst
@@ -85,6 +85,8 @@ Fill the configuration file ``/etc/pretix/pretix.cfg`` with the following conten
 url=https://pretix.mydomain.com
 currency=EUR
 datadir=/var/pretix/data
+ trust_x_forwarded_for=on
+ trust_x_forwarded_proto=on
 [database]
 ; For MySQL, replace with "mysql"
diff --git a/src/pretix/settings.py b/src/pretix/settings.py
index 57e6b05d0..eba894320 100644
--- a/src/pretix/settings.py
+++ b/src/pretix/settings.py
@@ -134,6 +134,9 @@ CSRF_TRUSTED_ORIGINS = [urlparse(SITE_URL).hostname]
 TRUST_X_FORWARDED_FOR = config.get('pretix', 'trust_x_forwarded_for', fallback=False)
+if config.get('pretix', 'trust_x_forwarded_proto', fallback=False):
+ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
 PRETIX_PLUGINS_DEFAULT = config.get('pretix', 'plugins_default', fallback='pretix.plugins.sendmail,pretix.plugins.statistics,pretix.plugins.checkinlists,pretix.plugins.autocheckin')
 PRETIX_PLUGINS_EXCLUDE = config.get('pretix', 'plugins_exclude', fallback='').split(',')
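Review bot: The new `if config.get('pretix', 'trust_x_forwarded_proto', fallback=False):` in settings.py tests the raw option value, and if `config` is a standard configparser object (its construction is outside this hunk) that value is a string, so `trust_x_forwarded_proto=off` is truthy and still sets `SECURE_PROXY_SSL_HEADER`. An operator who writes the documented `off` value would then have Django treat a client-supplied `X-Forwarded-Proto: https` as proof that the request arrived over TLS. Parse the option as a boolean instead: `if config.getboolean('pretix', 'trust_x_forwarded_proto', fallback=False):`. The unchanged `TRUST_X_FORWARDED_FOR` line just above reads its value the same way and likely needs the same treatment. A short comment such as `# Only safe behind a proxy that strips and re-sets X-Forwarded-Proto` would also record the deployment assumption next to the setting.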