John Kristensen (
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Afdc66bd2-0956-4835-85d4-ce566722f385
) *created* an issue
GeoServer (
https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiN2JjMTgwYzVlNzg4NGE1YWIxMjE0ZGUzOTc0OGZjZGMiLCJwIjoiaiJ9
) / Bug (
https://osgeo-org.atlassian.net/browse/GEOS-10038?atlOrigin=eyJpIjoiN2JjMTgwYzVlNzg4NGE1YWIxMjE0ZGUzOTc0OGZjZGMiLCJwIjoiaiJ9
) GEOS-10038 (
https://osgeo-org.atlassian.net/browse/GEOS-10038?atlOrigin=eyJpIjoiN2JjMTgwYzVlNzg4NGE1YWIxMjE0ZGUzOTc0OGZjZGMiLCJwIjoiaiJ9
) Incorrect login URL when using "Proxy Base URL" settings with " Use headers
for Proxy URL" (
https://osgeo-org.atlassian.net/browse/GEOS-10038?atlOrigin=eyJpIjoiN2JjMTgwYzVlNzg4NGE1YWIxMjE0ZGUzOTc0OGZjZGMiLCJwIjoiaiJ9
)
Issue Type: Bug Affects Versions: 2.19.0 Assignee: Unassigned Created:
27/Apr/21 11:28 AM Priority: Medium Reporter: John Kristensen (
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Afdc66bd2-0956-4835-85d4-ce566722f385
)
I'm running Geoserver behind a reverse proxy and have set the "Proxy Base URL"
settings to something like
https: //geoserver.example.com/geoserver
which generate a login form with the following tag:
<form style= "display: inline-block;" method= "post" action= "https:
//geoserver.example.com/geoserver/j_spring_security_check" >
However if I tick the "Use headers for Proxy URL" setting, then the login form
is generated with the following tag:
<form style= "display: inline-block;" method= "post" action= "http:
//localhost:8080/geoserver/j_spring_security_check" >
Usually this wouldn't be a problem when using a "static" Proxy Base URL, but I
would like to use a "dynamic" Proxy Base URL like
https: //${X-Forwarded-Host}/geoserver
As best as I can tell the problem seems to be in the mangleURLHeaders method
and its check for OWS requests (see:
https://github.com/geoserver/geoserver/blob/main/src/main/src/main/java/org/geoserver/ows/ProxifyingURLMangler.java#L149
)
Commenting out that check seems to resolve the problem, but I'm not very
familiar with the codebase, so have not idea what other side-effects removing
it would cause.
(
https://osgeo-org.atlassian.net/browse/GEOS-10038#add-comment?atlOrigin=eyJpIjoiN2JjMTgwYzVlNzg4NGE1YWIxMjE0ZGUzOTc0OGZjZGMiLCJwIjoiaiJ9
) Add Comment (
https://osgeo-org.atlassian.net/browse/GEOS-10038#add-comment?atlOrigin=eyJpIjoiN2JjMTgwYzVlNzg4NGE1YWIxMjE0ZGUzOTc0OGZjZGMiLCJwIjoiaiJ9
)
Get Jira notifications on your phone! Download the Jira Cloud app for Android (
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail
) or iOS (
https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8
) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100157-
sha1:76eb1b6 )_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
