Fix to Werkzeug ProxyFix; expose ProxyFix configuration items (apache…

…#8117) * Fix to werkzeug proxy; expose additional configuration items * Forced to all x-forwarded configurations ON; black done * added comments related to x_port after testing * Updated UPDATING.md * Removed accidental notebook; added *.ipynb to gitignore * Delete Untitled-checkpoint.ipynb
CybercentreCanada · Sep 8, 2019 · 3209943 · 3209943
1 parent e5704ca
commit 3209943
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 5 deletions.
diff --git a/.gitignore b/.gitignore
@@ -14,6 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+*.ipynb
 *.bak
 *.db
 *.pyc

diff --git a/UPDATING.md b/UPDATING.md
@@ -23,7 +23,18 @@ assists people when migrating to a new version.
 
 ## Next Version
 
-* [7848](https://github.com/apache/incubator-superset/pull/7848): If you are 
+* [8117](https://github.com/apache/incubator-superset/pull/8117): If you are
+using `ENABLE_PROXY_FIX = True`, review the newly-introducted variable,
+`PROXY_FIX_CONFIG`, which changes the proxy behavior in accordance with
+[Werkzeug](https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/)
+
+* [8069](https://github.com/apache/incubator-superset/pull/8069): introduces
+[MessagePack](https://github.com/msgpack/msgpack-python) and
+[PyArrow](https://arrow.apache.org/docs/python/) for async query results
+backend serialization. To disable set `RESULTS_BACKEND_USE_MSGPACK = False`
+in your configuration.
+
+* [7848](https://github.com/apache/incubator-superset/pull/7848): If you are
 running redis with celery, celery bump to 4.3.0 requires redis-py upgrade to
 3.2.0 or later.
 

diff --git a/setup.py b/setup.py
@@ -72,7 +72,7 @@ def get_git_sha():
         "contextlib2",
         "croniter>=0.3.28",
         "cryptography>=2.4.2",
-        "flask>=1.0.0, <2.0.0",
+        "flask>=1.1.0, <2.0.0",
         "flask-appbuilder>=2.1.9, <2.3.0",
         "flask-caching",
         "flask-compress",

diff --git a/superset/__init__.py b/superset/__init__.py
@@ -29,7 +29,6 @@
 from flask_migrate import Migrate
 from flask_talisman import Talisman
 from flask_wtf.csrf import CSRFProtect
-from werkzeug.contrib.fixers import ProxyFix
 import wtforms_json
 
 from superset import config
@@ -160,7 +159,9 @@ def get_manifest():
     CORS(app, **app.config.get("CORS_OPTIONS"))
 
 if app.config.get("ENABLE_PROXY_FIX"):
-    app.wsgi_app = ProxyFix(app.wsgi_app)
+    from werkzeug.middleware.proxy_fix import ProxyFix
+
+    app.wsgi_app = ProxyFix(app.wsgi_app, **app.config.get("PROXY_FIX_CONFIG"))
 
 if app.config.get("ENABLE_CHUNK_ENCODING"):
 

diff --git a/superset/config.py b/superset/config.py
@@ -109,8 +109,10 @@
 # and it's more secure to turn it off in production settings.
 SHOW_STACKTRACE = True
 
-# Extract and use X-Forwarded-For/X-Forwarded-Proto headers?
+# Use all X-Forwarded headers when ENABLE_PROXY_FIX is True.
+# When proxying to a different port, set "x_port" to 0 to avoid downstream issues.
 ENABLE_PROXY_FIX = False
+PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefix": 1}
 
 # ------------------------------
 # GLOBALS FOR APP Builder
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,6 +14,7 @@ @@
     # See the License for the specific language governing permissions and
     # limitations under the License.
     #
+    *.ipynb
     *.bak
     *.db
     *.pyc
@@ Expand Down @@