The Content-Security-Policy[^1] HTTP header was only set on the response
generated by controllers but it was missing from the `/<module>/static/`
route.
It is not strictly necessary to set that header on the responses coming
from that route as it is not possible to add new static files or edit
existing ones via the interface (not even as admin). Only the developers
and system administrator can access those files.
It is also worth mentioning that using the Odoo internal web server to
deliver static files is suboptimal. Outside of a dev environment, those
files will typically be delivered via a web server[^2] and sysadmins
should configure their web server to set the CSP header on static images.
[^1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
[^2]: https://www.odoo.com/documentation/master/administration/install/deploy.html#serving-static-files-and-attachments
closes odoo/documentation#6949
X-original-commit: f3f44fe5f2
Related: odoo/odoo#146582
Signed-off-by: Julien Castiaux (juc) <juc@odoo.com>

Install nginx using the nginx configuration found in the documentation
and change the `listen` port to 8080. Start Odoo in `--proxy-mode`.

    listen 8080;
    server_name mycompany.odoo.com;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    location / {
        proxy_pass http://127.0.0.1:8069;
    }

Inside your browser, access "http://mycompany.odoo.com:8080": you are
wrongly redirected to "http://mycompany.odoo.com:80".
Odoo uses the `X-Forwarded-Host` HTTP header value to generate new URLs.
In this configuration `$host` only contains the domain (=hostname using
the urllib terminology) instead of the domain+port (=netloc). The
variable that contains both the domain and the port is actually
`$http_host`.
closes odoo/documentation#6940
Closes: odoo/odoo#64643
X-original-commit: 09c42c5896
Signed-off-by: Antoine Vandevenne (anv) <anv@odoo.com>
Signed-off-by: Julien Castiaux (juc) <juc@odoo.com>

Updated the chart of accounts page. Forward to master.
16.3 -> Change "ellipsis" menu button
17 -> Change "Setup" to "View"
taskid-3609365
closes odoo/documentation#6912
X-original-commit: b617b47ab2
Signed-off-by: Tom Aarab (toaa) <toaa@odoo.com>

Before this commit, when doing the reconciliation of the table present in the
cheat sheet, the second reconciliation was wrong because the "Invoice 1" should
be reconciled with the two partial payments. This PR corrects that by changing
the find parameter to also target the partials.
closes odoo/documentation#6899
Task: 3633468
X-original-commit: 053fb768e6
Signed-off-by: Antoine Vandevenne (anv) <anv@odoo.com>
Signed-off-by: Maximilien La Barre (malb) <malb@odoo.com>

Official packages for wkhtmltopdf 0.12.5 are no longer released since the
release of wkhtmltopdf 0.12.6 in 2020. Debian 10 "Buster" and Ubuntu
20.04 "Focal" were the last systems for which 0.12.5 was built[^1].
Installing 0.12.5 on an Ubuntu 22.04 "Jammy" (using the Focal package)
fails because of outdated dependencies.
Official packages for wkhtmltopdf 0.12.6 are published on a different
repository[^2] than 0.12.5 used to be; it includes packages for 0.12.6 for
both Debian 11 "Bullseye" and Ubuntu 22.04 "Jammy". Version 0.12.6.1-r3
is compatible out-of-the-box with Odoo and has been used by runbot to
test all 16.x, 17.x and master branches for the past month.
This work makes it official that [wkhtmltopdf 0.12.6.1-r3] must be used
for Odoo 16.0 and onward.
[^1]: https://github.com/wkhtmltopdf/wkhtmltopdf/releases/tag/0.12.5
[^2]: https://github.com/wkhtmltopdf/packaging/releases
[wkhtmltopdf 0.12.6.1-r3]: https://github.com/wkhtmltopdf/packaging/releases/tag/0.12.6.1-3
closes odoo/documentation#6796
X-original-commit: e5d77ee285
Signed-off-by: Julien Castiaux (juc) <juc@odoo.com>

The preferred/safe way of running Odoo is with a standard user, with
only the right to create a database.
See b6b73551db
closes odoo/documentation#6761
X-original-commit: df8114e591
Signed-off-by: Antoine Vandevenne (anv) <anv@odoo.com>
Signed-off-by: William André (wan) <wan@odoo.com>

Many customers struggle with their web server configuration, notably
regarding the `--proxy-mode` option and the way `X-Forwarded-*` HTTP
request headers are interpreted within Odoo.
The `--proxy-mode` section has been updated to cover the most common
misunderstandings and to give guidance on how to set up a web server.
Odoo always only takes the last entry of the `X-Forwarded-*` request
header because there are situations where it is not possible to
determine which last n-th entry to use. Employees might access their
Odoo database via the internal network: connecting directly to nginx,
while customers might access the database via an additional proxy such
as Cloudflare. The real IP of employees would be the last inside the
`X-Forwarded-For` chain, while the real IP of customers would be the
*second* last entry inside the chain. It would be incorrect to always
take the same nth last entry inside the chain. Cloudflare's own IP
address must be discarded from the chain. Web servers usually feature
a way to ignore trusted IPs from the chain, so that the real IP
of the user is always the last entry inside the chain. Odoo relies on
such a feature being active and configured.
Prior discussions about `X-Forwarded-For`:
* odoo/odoo#104947
* odoo/odoo#118629
* odoo/odoo#139536
All `X-Forwarded-*` headers are ignored in case the `X-Forwarded-Host`
header is missing (even with `--proxy-mode`). System admins might be
tempted to not set this header and to set `Host` instead; this is
broken as a user-agent would be able to spoof `X-Forwarded-Host`
and Odoo would use that instead of the correct `Host`.
Prior discussions about `X-Forwarded-Host`:
* odoo/odoo#63277
* odoo/odoo#70117
closes odoo/documentation#6740
X-original-commit: 3d91c57b57
Signed-off-by: Julien Castiaux (juc) <juc@odoo.com>
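
A model of the `X-Forwarded-*` handling described in this commit message, and of the `$host` / `$http_host` difference from the earlier nginx commit, as an added example that is not Odoo's or nginx's code. The function names, the IP addresses and the trusted range are constructed for illustration, and `strip_trusted` is a simplification of what a web server's trusted-proxy feature does.

```python
import ipaddress

# Constructed value: 203.0.113.0/24 stands in for an extra trusted proxy (a CDN).
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]


def strip_trusted(xff, trusted=TRUSTED):
    """Web-server side (simplified): drop trusted proxy hops from the right
    of the chain so the real client IP ends up as the last entry."""
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    while len(hops) > 1:
        try:
            last = ipaddress.ip_address(hops[-1])
        except ValueError:
            break  # unparsable entry: stop here, never skip over it
        if not any(last in net for net in trusted):
            break
        hops.pop()
    return ", ".join(hops)


def nginx_forward(peer_ip, client_headers, host_var):
    """Model of the nginx block quoted in the earlier commit message;
    host_var is what nginx substitutes for $host or $http_host."""
    xff = client_headers.get("X-Forwarded-For")
    chain = f"{xff}, {peer_ip}" if xff else peer_ip  # $proxy_add_x_forwarded_for
    return {
        "Host": "127.0.0.1:8069",      # nginx default upstream Host ($proxy_host)
        "X-Forwarded-Host": host_var,  # replaces any client-supplied value
        "X-Forwarded-For": strip_trusted(chain),
        "X-Forwarded-Proto": "http",
    }


def _last(headers, name, default):
    """Last comma-separated entry of a header, or the default if absent."""
    return headers.get(name, default).split(",")[-1].strip()


def resolve(peer_ip, headers, proxy_mode=True):
    """Application side as the commit message describes it: without
    X-Forwarded-Host all X-Forwarded-* headers are ignored, otherwise only
    the last entry of each is used. Returns (client_ip, base_url)."""
    if not proxy_mode or "X-Forwarded-Host" not in headers:
        return peer_ip, "http://" + headers["Host"]
    scheme = _last(headers, "X-Forwarded-Proto", "http")
    host = _last(headers, "X-Forwarded-Host", "")
    return _last(headers, "X-Forwarded-For", peer_ip), f"{scheme}://{host}"
```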

The lambda function here is useless and makes newdooers think
they need to use it every time.
`default=fields.Date.add(fields.Date.today(), months=3))`
should do the trick, no lambda involved.
closes odoo/documentation#6628
X-original-commit: 620508fb29
Signed-off-by: Antoine Vandevenne (anv) <anv@odoo.com>
Signed-off-by: Claire Bretton (clbr) <clbr@odoo.com>

The "../technical-training-sandbox" is added too early in the path since
it's still empty, and results in an "invalid addons-path" error.
X-original-commit: 8707609b38
Part-of: odoo/documentation#6628