From 4cfa0147db1075ddab3cfdddc90b878984c0df97 Mon Sep 17 00:00:00 2001 From: Eric Andrew Meadows Date: Mon, 26 Aug 2019 17:26:53 -0700 Subject: [PATCH 1/6] Fix to werkzeug proxy; expose additional configuration items --- setup.py | 2 +- superset/__init__.py | 5 +++-- superset/config.py | 7 +++++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/setup.py b/setup.py index 72cbe97a0d597..0201493d7cc7c 100644 --- a/setup.py +++ b/setup.py @@ -72,7 +72,7 @@ def get_git_sha(): "contextlib2", "croniter>=0.3.28", "cryptography>=2.4.2", - "flask>=1.0.0, <2.0.0", + "flask>=1.1.0, <2.0.0", "flask-appbuilder>=2.1.9, <2.3.0", "flask-caching", "flask-compress", diff --git a/superset/__init__.py b/superset/__init__.py index 3b503a48c84e2..73ac0e5da2c6e 100644 --- a/superset/__init__.py +++ b/superset/__init__.py @@ -29,7 +29,6 @@ from flask_migrate import Migrate from flask_talisman import Talisman from flask_wtf.csrf import CSRFProtect -from werkzeug.contrib.fixers import ProxyFix import wtforms_json from superset import config @@ -160,7 +159,9 @@ def get_manifest(): CORS(app, **app.config.get("CORS_OPTIONS")) if app.config.get("ENABLE_PROXY_FIX"): - app.wsgi_app = ProxyFix(app.wsgi_app) + from werkzeug.middleware.proxy_fix import ProxyFix + + app.wsgi_app = ProxyFix(app.wsgi_app, **app.config.get("PROXY_FIX_CONFIG")) if app.config.get("ENABLE_CHUNK_ENCODING"): diff --git a/superset/config.py b/superset/config.py index 085c8e2e56bc9..e581b607e5b27 100644 --- a/superset/config.py +++ b/superset/config.py @@ -111,6 +111,13 @@ # Extract and use X-Forwarded-For/X-Forwarded-Proto headers? ENABLE_PROXY_FIX = False +PROXY_FIX_CONFIG = { + "x_for": 1, + "x_proto": 0, + "x_host": 1, + "x_port": 0, + "x_prefix": 0, +} # ------------------------------ # GLOBALS FOR APP Builder From 57afa0a69d623fd1a7a24eef4453dfafc457dff0 Mon Sep 17 00:00:00 2001 From: Eric Andrew Meadows Date: Tue, 27 Aug 2019 09:20:26 -0700 Subject: [PATCH 2/6] Forced to all x-forwarded configurations ON; black done --- superset/config.py | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/superset/config.py b/superset/config.py index e581b607e5b27..7b2faff091edf 100644 --- a/superset/config.py +++ b/superset/config.py @@ -111,13 +111,7 @@ # Extract and use X-Forwarded-For/X-Forwarded-Proto headers? ENABLE_PROXY_FIX = False -PROXY_FIX_CONFIG = { - "x_for": 1, - "x_proto": 0, - "x_host": 1, - "x_port": 0, - "x_prefix": 0, -} +PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefix": 1} # ------------------------------ # GLOBALS FOR APP Builder From 51ec31a2d8a85e909d923e4db3496e4c940000da Mon Sep 17 00:00:00 2001 From: Eric Andrew Meadows Date: Tue, 27 Aug 2019 09:45:42 -0700 Subject: [PATCH 3/6] added comments related to x_port after testing --- superset/config.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/superset/config.py b/superset/config.py index 7b2faff091edf..e298cd87db07d 100644 --- a/superset/config.py +++ b/superset/config.py @@ -109,7 +109,8 @@ # and it's more secure to turn it off in production settings. SHOW_STACKTRACE = True -# Extract and use X-Forwarded-For/X-Forwarded-Proto headers? +# Use all X-Forwarded headers when ENABLE_PROXY_FIX is True. +# When proxying to a different port, set "x_port" to 0 to avoid downstream issues. ENABLE_PROXY_FIX = False PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefix": 1} From c7d20b82eb78b703703518b183e3b2fadcc9cfec Mon Sep 17 00:00:00 2001 From: Eric Andrew Meadows Date: Tue, 3 Sep 2019 10:32:08 -0700 Subject: [PATCH 4/6] Updated UPDATING.md --- .ipynb_checkpoints/Untitled-checkpoint.ipynb | 6 ++ UPDATING.md | 5 ++ Untitled.ipynb | 66 ++++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 .ipynb_checkpoints/Untitled-checkpoint.ipynb create mode 100644 Untitled.ipynb diff --git a/.ipynb_checkpoints/Untitled-checkpoint.ipynb b/.ipynb_checkpoints/Untitled-checkpoint.ipynb new file mode 100644 index 0000000000000..2fd64429bf421 --- /dev/null +++ b/.ipynb_checkpoints/Untitled-checkpoint.ipynb @@ -0,0 +1,6 @@ +{ + "cells": [], + "metadata": {}, + "nbformat": 4, + "nbformat_minor": 2 +} diff --git a/UPDATING.md b/UPDATING.md index 54f8ef1d632da..62c89bf5741b7 100644 --- a/UPDATING.md +++ b/UPDATING.md @@ -23,6 +23,11 @@ assists people when migrating to a new version. ## Next Version +* [8117](https://github.com/apache/incubator-superset/pull/8117): If you are +using `ENABLE_PROXY_FIX = True`, review the newly-introducted variable, +`PROXY_FIX_CONFIG`, which changes the proxy behavior in accordance with +[Werkzeug](https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/) + * [7848](https://github.com/apache/incubator-superset/pull/7848): If you are running redis with celery, celery bump to 4.3.0 requires redis-py upgrade to 3.2.0 or later. diff --git a/Untitled.ipynb b/Untitled.ipynb new file mode 100644 index 0000000000000..8188d63b5aa0a --- /dev/null +++ b/Untitled.ipynb @@ -0,0 +1,66 @@ +{ + "cells": [ + { + "cell_type": "code", + "execution_count": 1, + "metadata": {}, + "outputs": [], + "source": [ + "import boto3\n", + "session = boto3.Session(profile_name=\"pax-tract-dev-eric\")\n", + "s3 = session.resource(\"s3\")" + ] + }, + { + "cell_type": "code", + "execution_count": 5, + "metadata": {}, + "outputs": [ + { + "data": { + "text/plain": [ + "[s3.ObjectSummary(bucket_name='pax-analytics-production', key='partner-connect-platform/raw/staging/2019/08/17/17/partner-connect-platform-staging-2-2019-08-17-17-23-41-13fb9c42-6cbf-4b10-a474-64a69c38a106')]" + ] + }, + "execution_count": 5, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "bucket = s3.Bucket(\"pax-analytics-production\")\n", + "path = \"partner-connect-platform/raw/staging/2019/08/17/17\"\n", + "objs = list(bucket.objects.filter(Prefix=path))\n", + "objs" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.7.3" + } + }, + "nbformat": 4, + "nbformat_minor": 2 +} From 4273d1fa49cd912f5ddd9981adb410a36f65a783 Mon Sep 17 00:00:00 2001 From: Eric Andrew Meadows Date: Tue, 3 Sep 2019 10:51:56 -0700 Subject: [PATCH 5/6] Removed accidental notebook; added *.ipynb to gitignore --- .gitignore | 1 + Untitled.ipynb | 66 -------------------------------------------------- 2 files changed, 1 insertion(+), 66 deletions(-) delete mode 100644 Untitled.ipynb diff --git a/.gitignore b/.gitignore index ad106b34fa1ad..ab5126af5d5e3 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # +*.ipynb *.bak *.db *.pyc diff --git a/Untitled.ipynb b/Untitled.ipynb deleted file mode 100644 index 8188d63b5aa0a..0000000000000 --- a/Untitled.ipynb +++ /dev/null @@ -1,66 +0,0 @@ -{ - "cells": [ - { - "cell_type": "code", - "execution_count": 1, - "metadata": {}, - "outputs": [], - "source": [ - "import boto3\n", - "session = boto3.Session(profile_name=\"pax-tract-dev-eric\")\n", - "s3 = session.resource(\"s3\")" - ] - }, - { - "cell_type": "code", - "execution_count": 5, - "metadata": {}, - "outputs": [ - { - "data": { - "text/plain": [ - "[s3.ObjectSummary(bucket_name='pax-analytics-production', key='partner-connect-platform/raw/staging/2019/08/17/17/partner-connect-platform-staging-2-2019-08-17-17-23-41-13fb9c42-6cbf-4b10-a474-64a69c38a106')]" - ] - }, - "execution_count": 5, - "metadata": {}, - "output_type": "execute_result" - } - ], - "source": [ - "bucket = s3.Bucket(\"pax-analytics-production\")\n", - "path = \"partner-connect-platform/raw/staging/2019/08/17/17\"\n", - "objs = list(bucket.objects.filter(Prefix=path))\n", - "objs" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": {}, - "outputs": [], - "source": [] - } - ], - "metadata": { - "kernelspec": { - "display_name": "Python 3", - "language": "python", - "name": "python3" - }, - "language_info": { - "codemirror_mode": { - "name": "ipython", - "version": 3 - }, - "file_extension": ".py", - "mimetype": "text/x-python", - "name": "python", - "nbconvert_exporter": "python", - "pygments_lexer": "ipython3", - "version": "3.7.3" - } - }, - "nbformat": 4, - "nbformat_minor": 2 -} From cc556e61664a6e394b3ae27ac0e7cb974e3fa0f9 Mon Sep 17 00:00:00 2001 From: ericandrewmeadows Date: Wed, 4 Sep 2019 09:19:35 -0700 Subject: [PATCH 6/6] Delete Untitled-checkpoint.ipynb --- .ipynb_checkpoints/Untitled-checkpoint.ipynb | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 .ipynb_checkpoints/Untitled-checkpoint.ipynb diff --git a/.ipynb_checkpoints/Untitled-checkpoint.ipynb b/.ipynb_checkpoints/Untitled-checkpoint.ipynb deleted file mode 100644 index 2fd64429bf421..0000000000000 --- a/.ipynb_checkpoints/Untitled-checkpoint.ipynb +++ /dev/null @@ -1,6 +0,0 @@ -{ - "cells": [], - "metadata": {}, - "nbformat": 4, - "nbformat_minor": 2 -}