Don't apply `security.require-https` to intracluster requests
ClosedPublic

Authored by epriestley on Apr 13 2016, 1:17 PM.
Referenced Files
F12846575: D15696.id37818.diff

Details

Summary

Ref T10784. Currently, if you terminate SSL at a load balancer (very common) and use HTTP beyond that, you have to fiddle with this setting in your preamble or a SiteConfig.

On the balance I think this makes stuff much harder to configure without any real security benefit, so don't apply this option to intracluster requests.

Also document a lot of stuff.

Test Plan

Poked around locally, but this is hard to test outside of a production cluster; I'll vet it more thoroughly on secure.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Don't apply `security.require-https` to intracluster requests.
epriestley updated this object.
epriestley edited the test plan for this revision.
epriestley added a reviewer: chad.
chad edited edge metadata.
chad added inline comments.
src/docs/user/cluster/cluster.diviner
96

accessing? or access to?

This revision is now accepted and ready to land. Apr 13 2016, 4:28 PM
epriestley edited edge metadata.
  • Add missing "access to".
This revision was automatically updated to reflect the committed changes.