exceptionfactory opened a new pull request #5329: URL: https://github.com/apache/nifi/pull/5329
#### Description of PR NIFI-9060 Refactors HTTP cookie processing to improve integration when running NiFi behind a reverse proxy server. The `nifi.web.proxy.context.path` property provides the option for NiFi to accept forwarded context paths using HTTP headers such as `X-ProxyContextPath`. Instead of using the hard-coded root path `/` for HTTP cookies, the new `ApplicationCookieService` interface and implementation support setting the path based on the proxy header when provided. Additional changes include adjusting the prefix of the `Authorization-Bearer` cookie name from `__Host-` to `__Secure-`. The [__Host-](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-4.1.3.2) prefix requires the cookie `Path` property set to `/`, necessitating the change to [__Secure-](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-4.1.3.1) in order to support different path values. The `__Secure-` prefix works in conjunction with the `Secure` property to ensure that the client will only send the cookie over HTTPS. Several login and logout JavaScript functions included hard-coded `window.location` redirects to `/nifi`, which did not function correctly when running behind a reverse proxy server. Other functions use the `../nifi/` path, which works in both reverse proxy and standard configurations, and also avoids unnecessary redirects from `/nifi` to `/nifi/`. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [X] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [X] Does your PR title start with **NIFI-XXXX** where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [X] Has your PR been rebased against the latest commit within the target branch (typically `main`)? - [X] Is your initial contribution a single, squashed commit? _Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not `squash` or use `--force` when pushing to allow for clean monitoring of changes._ ### For code changes: - [X] Have you ensured that the full suite of tests is executed via `mvn -Pcontrib-check clean install` at the root `nifi` folder? - [X] Have you written or updated unit tests to verify your changes? - [X] Have you verified that the full build is successful on JDK 8? - [X] Have you verified that the full build is successful on JDK 11? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the `LICENSE` file, including the main `LICENSE` file under `nifi-assembly`? - [ ] If applicable, have you updated the `NOTICE` file, including the main `NOTICE` file found under `nifi-assembly`? - [ ] If adding new Properties, have you added `.displayName` in addition to .name (programmatic access) for each of the new properties? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check GitHub Actions CI for build issues and submit an update to your PR as soon as possible. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
