Actions
Bug #27791
openUI: content-security-policy + hostname prevents us from using a reverse proxy
Status:
Need more information
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Description
hi,
we're runnning a reverse proxy in front of foreman with a different hostname. this works just fine for almost everything. it does NOT work for (at least) one specific case:
in:
app/views/hosts/_operating_system.html.erb
there is this button ("resolve templates"):
<%= link_to_function icon_text("refresh", _("Resolve")), "template_info('#templates_info','#{template_used_hosts_url(:id => @host.id)}')", :class => "btn btn-default" %>
and in this, this part:
'#{template_used_hosts_url(:id => @host.id)}'
renders the "internal" hostname, which
a.) doesn't work (that hostname is not reachable directly in our case)
b.) it conflicts with the content security policy (which only "self" allowed, disabling all cross origin ajax)
since the hostname needed here should simply be whatever the origin is, i am assuming that this should be an easy fix. since i don't know all the internals & details, this assumption could of course be blatantly wrong. if it IS easy, we would be extremely happy if this was fixed (and possibly any other places where this pattern appears). also, not sure if this really counts as a bug.
thank you very much
ruben malchow
Files
Actions