Closed torgeirl closed 1 year ago
@Levijatan: we have uncovered that the cluster's loadbalancer is overwriting our application's set-header
directives. I'll give another update once our request to update the loadbalancer config has been met, hopefully that will solve the issue in our end.
@torgeirl It seems that would create the problem, it looks like django tries to use 'HTTP_HOST' in META of the request to build the absolute url. One possible solution is to have the loadbalancer forward X-Forwarded headers and set USE_X_FORWARDED_HOST = True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') in the django settings. This allowes django to use 'HTTP_X_FORWARDED_HOST' instead of 'HTTP_HOST'
@Levijatan: had to adjust a few other things first, but your suggestion solved our issue! :tada:
The implementation of federated authentication (#88) seems to assume the hostname will be part of the login provider's
redirect_url
, but that isn't necessarily the case. When attempting to use Dataporten in a Kubernetes cluster, theredirect_url
gets set tohttp://<route.spec.host>/authenticate/allauth/dataporten/login/callback/
instead ofhttps://<URL>/authenticate/allauth/dataporten/login/callback/
.Some way of changing
LOGIN_REDIRECT_URL
or option insettings.py
to overwrite it seems to be a solution.