From 3b41cb97c45167d7c5cc075a8d73c4eb3e7bbc93 Mon Sep 17 00:00:00 2001
From: Tihomir Trifonov <t.trifonov@gmail.com>
Date: Mon, 28 May 2012 13:19:54 +0300
Subject: [PATCH] Added help text in local.settings.example how to setup
 Horizon to use SSL-offloading proxy to properly handle page redirects to SSL.

The example is for Django 1.4 only.
As I see at the moment Django 1.3 is
not supported (pip-requires says Django>=1.4),
so no example for Django 1.3 is added.

Fixes bug 999960

Change-Id: I3b885e84ef8332bfd0fe35a2307eb691cf34be03
---
 horizon/tests/base_tests.py                   | 25 +++++++++++++++++++
 .../local/local_settings.py.example           |  8 +++++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/horizon/tests/base_tests.py b/horizon/tests/base_tests.py
index d99e9fb25..20c87f1c7 100644
--- a/horizon/tests/base_tests.py
+++ b/horizon/tests/base_tests.py
@@ -308,3 +308,28 @@ class HorizonTests(BaseHorizonTests):
                                follow=False,
                                HTTP_X_REQUESTED_WITH='XMLHttpRequest')
         self.assertEqual(resp.status_code, 200)
+
+    def test_ssl_redirect_by_proxy(self):
+        users.get_user_from_request = self._real_get_user_from_request
+        dogs = horizon.get_dashboard("dogs")
+        puppies = dogs.get_panel("puppies")
+        url = puppies.get_absolute_url()
+        redirect_url = "?".join([urlresolvers.reverse("horizon:auth_login"),
+                                 "next=%s" % url])
+
+        client = Client()
+        client.logout()
+        resp = client.get(url)
+        self.assertRedirectsNoFollow(resp, redirect_url)
+
+        # Set SSL settings for test server
+        settings.TESTSERVER = 'https://testserver:80'
+        settings.SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL',
+                                            'https')
+
+        resp = client.get(url, HTTP_X_FORWARDED_PROTOCOL="https")
+        self.assertRedirectsNoFollow(resp, redirect_url)
+
+        # Restore settings
+        settings.TESTSERVER = 'http://testserver'
+        settings.SECURE_PROXY_SSL_HEADER = None
diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example
index 5e293150c..9b568fddb 100644
--- a/openstack_dashboard/local/local_settings.py.example
+++ b/openstack_dashboard/local/local_settings.py.example
@@ -5,7 +5,13 @@ from django.utils.translation import ugettext_lazy as _
 DEBUG = True
 TEMPLATE_DEBUG = DEBUG
 PROD = False
-USE_SSL = False
+
+# Set SSL proxy settings:
+# For Django 1.4+ pass this header from the proxy after terminating the SSL,
+# and don't forget to strip it from the client's request.
+# For more information see:
+# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
 
 # Note: You should change this value
 SECRET_KEY = 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0'