)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"ecda1321551b24242a63dc29284ecdddc0b28ba4","unresolved":true,"context_lines":[{"line_number":13,"context_line":"does not make any sense. It should be possible to enable TLS on both"},{"line_number":14,"context_line":"loadbalancer and horizon backend."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Additionally, HTTP_X_FORWARDED_PROTO header should be defined regardless"},{"line_number":17,"context_line":"of whether the backend listens on https or regular http."},{"line_number":18,"context_line":"For example if loadbalancer listens on https and backend on http,"},{"line_number":19,"context_line":"HTTP_X_FORWARDED_PROTO should be set to \u0027https\u0027. Otherwise horizon will"},{"line_number":20,"context_line":"respond with redirection to http."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Change-Id: I7706e52c01b3f0d72ea383a0476045e606078cff"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"f795b02f_eedc02a2","line":20,"range":{"start_line":16,"start_character":0,"end_line":20,"end_character":33},"updated":"2023-04-08 06:29:50.000000000","message":"feels like this is talking about the loadbalancer config and not anything changed in this patch?","commit_id":"b68765b63c0282873f989ede9aaebec35699ff90"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"be6bd98ce0cbbb6f8f0673da10390d142c163751","unresolved":true,"context_lines":[{"line_number":13,"context_line":"does not make any sense. It should be possible to enable TLS on both"},{"line_number":14,"context_line":"loadbalancer and horizon backend."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Additionally, HTTP_X_FORWARDED_PROTO header should be defined regardless"},{"line_number":17,"context_line":"of whether the backend listens on https or regular http."},{"line_number":18,"context_line":"For example if loadbalancer listens on https and backend on http,"},{"line_number":19,"context_line":"HTTP_X_FORWARDED_PROTO should be set to \u0027https\u0027. Otherwise horizon will"},{"line_number":20,"context_line":"respond with redirection to http."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Change-Id: I7706e52c01b3f0d72ea383a0476045e606078cff"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"a0980dd3_d92ad49a","line":20,"range":{"start_line":16,"start_character":0,"end_line":20,"end_character":33},"in_reply_to":"0906d6a5_0f302b3e","updated":"2023-04-08 20:20:45.000000000","message":"OK - the second paragraph of the commit message reads as if something external to this patch has to make those settings. It doesn\u0027t clearly describe that those changes are actually made in this patch and I was not able to relate the commit message wording to what I saw in the diff.","commit_id":"b68765b63c0282873f989ede9aaebec35699ff90"},{"author":{"_account_id":32666,"name":"Damian Dąbrowski","email":"damian@dabrowski.cloud","username":"ddabrowski"},"change_message_id":"2f6a2c91f64061d504e0f9af343989302b859d5e","unresolved":true,"context_lines":[{"line_number":13,"context_line":"does not make any sense. It should be possible to enable TLS on both"},{"line_number":14,"context_line":"loadbalancer and horizon backend."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Additionally, HTTP_X_FORWARDED_PROTO header should be defined regardless"},{"line_number":17,"context_line":"of whether the backend listens on https or regular http."},{"line_number":18,"context_line":"For example if loadbalancer listens on https and backend on http,"},{"line_number":19,"context_line":"HTTP_X_FORWARDED_PROTO should be set to \u0027https\u0027. Otherwise horizon will"},{"line_number":20,"context_line":"respond with redirection to http."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Change-Id: I7706e52c01b3f0d72ea383a0476045e606078cff"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"9266d929_36221bd1","line":20,"range":{"start_line":16,"start_character":0,"end_line":20,"end_character":33},"in_reply_to":"a0980dd3_d92ad49a","updated":"2023-04-11 17:37:47.000000000","message":"i\u0027ve changed commit msg, hopefully it\u0027s more clear now.","commit_id":"b68765b63c0282873f989ede9aaebec35699ff90"},{"author":{"_account_id":32666,"name":"Damian Dąbrowski","email":"damian@dabrowski.cloud","username":"ddabrowski"},"change_message_id":"8d918a9ef40233ab57bab06fd0d17eb6e76e75de","unresolved":true,"context_lines":[{"line_number":13,"context_line":"does not make any sense. It should be possible to enable TLS on both"},{"line_number":14,"context_line":"loadbalancer and horizon backend."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Additionally, HTTP_X_FORWARDED_PROTO header should be defined regardless"},{"line_number":17,"context_line":"of whether the backend listens on https or regular http."},{"line_number":18,"context_line":"For example if loadbalancer listens on https and backend on http,"},{"line_number":19,"context_line":"HTTP_X_FORWARDED_PROTO should be set to \u0027https\u0027. Otherwise horizon will"},{"line_number":20,"context_line":"respond with redirection to http."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Change-Id: I7706e52c01b3f0d72ea383a0476045e606078cff"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":4,"id":"0906d6a5_0f302b3e","line":20,"range":{"start_line":16,"start_character":0,"end_line":20,"end_character":33},"in_reply_to":"f795b02f_eedc02a2","updated":"2023-04-08 13:09:07.000000000","message":"it is related to this patch, this comment describes why now we have:\n\nin templates/openstack_dashboard.conf.j2:\n\n```\n{% if horizon_external_ssl | bool %}\n    RequestHeader set {{ horizon_secure_proxy_ssl_header }} \"https\"\n{% else %}\n    RequestHeader set {{ horizon_secure_proxy_ssl_header }} \"http\"\n{% endif %}\n```\n\nand in templates/horizon_local_settings.py.j2:\n\n```\n{% if horizon_external_ssl | bool %}\n# Set SSL proxy settings:\n# For Django 1.4+ pass this header from the proxy after terminating the SSL,\n# and don\u0027t forget to strip it from the client\u0027s request.\n# For more information see:\n# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header\nSECURE_PROXY_SSL_HEADER \u003d (\u0027{{ horizon_secure_proxy_ssl_header_django }}\u0027, \u0027https\u0027)\nSECURE_PROXY_ADDR_HEADER \u003d \u0027HTTP_X_FORWARDED_FOR\u0027\n{% endif %}\n```\n\npreviously the condition was:\n`{% if (horizon_enable_ssl | bool) and not (horizon_external_ssl | bool) %}`\n\nso `HTTP_X_FORWARDED_PROTO` header was applied only when `horizon_enable_ssl` was set to True which is not correct.","commit_id":"b68765b63c0282873f989ede9aaebec35699ff90"}]}
