NextERP/documentation
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2d158c417e
documentation/content
History
Julien Castiaux 3d91c57b57 [IMP] developer/reference/cli: --proxy-mode 
Many customers struggle with their web server configuration, notably
regarding the `--proxy-mode` option and the way `X-Forwarded-*` HTTP
request headers are interpreted within Odoo.

The `--proxy-mode` section has been updated to cover the most common
misunderstandings and to give guidances on how to setup a web server.

Odoo always only takes the last entry of the `X-Forwarded-*` request
header because there are situations where it is not possible to
determine which last n-th entry to use. Employees might access their
odoo database via the internal network: connecting directly to nginx,
while customers might access the database via an additional proxy such
as cloudflare. The real IP of employees would be the last inside the
`X-Forwarded-For` chain, while the real IP of customers would be the
*second* last entry inside the chain. It would be incorrect to always
take the same nth last entry inside the chain. The cloudflare's own IP
address must be discarded from the chain. Web servers usually feature
a way to ignore trusted IP from the chain, a way so that the real IP
of the user is always the last entry inside the chain. Odoo relies on
such feature to be active and configured.

Prior discussions about `X-Forwarded-For`:
* odoo/odoo#104947
* odoo/odoo#118629
* odoo/odoo#139536

All `X-Forwarded-*` headers are ignored in case the `X-Forwarded-Host`
header is missing (even with `--proxy-mode`). System admin might be
tempted to not set this header and to set `Host` instead, this is
broken as this a user-agent would be able to spoof `X-Forwarded-Host`
and Odoo would use that instead of the correct `Host`.

Prior discussions about `X-Forwarded-Host`:
* odoo/odoo#63277
* odoo/odoo#70117

closes odoo/documentation#6729

Signed-off-by: Julien Castiaux (juc) <juc@odoo.com>
2023-12-01 14:31:10 +00:00
..
administration [IMP] upgrade: add note on bank synch neutralization 2023-11-22 11:19:47 +00:00
applications [ADD] website: mail groups 2023-11-28 08:49:30 +00:00
contributing [IMP] Contributing: typo seealso admonition 2023-11-23 16:11:07 +00:00
developer [IMP] developer/reference/cli: --proxy-mode 2023-12-01 14:31:10 +00:00
legal [FIX] legal: broken links to the support page 2023-09-26 09:42:50 +00:00
administration.rst [IMP] upgrade: create new "upgrade" section in "install and maintain" 2021-10-15 11:45:14 +00:00
applications.rst [ADD] attendances: hr and attendances categories + hardware page 2023-03-29 17:39:57 +02:00
contributing.rst [IMP] contributing: list the ways to contribute to Odoo 2022-12-08 16:10:24 +01:00
developer.rst [MOV] developer/cli: move "Command-line interface (CLI)" to the reference dir 2023-02-22 14:31:26 +01:00
index.rst [IMP] *: introduce tables of contents in top-level app pages 2021-07-07 14:56:38 +02:00
last_build.rst [FIX] *: RST cleanup 2023-02-14 14:27:44 +01:00
legal.rst [IMP] documentation: legal page design 2022-12-07 15:21:24 +01:00