From 39aa1dddf264d2ec71327fe095a94efeec9b893f Mon Sep 17 00:00:00 2001
From: Stefano Alberto Russo <stefano.russo@gmail.com>
Date: Thu, 14 Jan 2021 17:07:30 +0100
Subject: [PATCH] Fixed in the proxy and Django settigns to let the Open ID
 connect redirects to work properly.

---
 services/proxy/default-ssl.conf          | 4 +++-
 services/webapp/code/rosetta/settings.py | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/services/proxy/default-ssl.conf b/services/proxy/default-ssl.conf
index a52f5b0..1124d7d 100644
--- a/services/proxy/default-ssl.conf
+++ b/services/proxy/default-ssl.conf
@@ -133,7 +133,9 @@
                 downgrade-1.0 force-response-1.0
         # MSIE 7 and newer should be able to use keepalive
         BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
-        
+
+    # Required for the Open ID connect redirects to work properly
+    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS        
 
     </VirtualHost>
 </IfModule>
diff --git a/services/webapp/code/rosetta/settings.py b/services/webapp/code/rosetta/settings.py
index 8d89571..6b49a22 100644
--- a/services/webapp/code/rosetta/settings.py
+++ b/services/webapp/code/rosetta/settings.py
@@ -263,8 +263,11 @@ if OIDC_RP_CLIENT_ID:
     LOGIN_REDIRECT_URL = '/'
     LOGOUT_REDIRECT_URL = '/'
     LOGIN_REDIRECT_URL_FAILURE = '/'
-    
+    #OIDC_AUTHENTICATION_CALLBACK_URL = 'rosetta.local/oidc/callback/'
 
+    # Required for the Open ID connect redirects to work properly
+    USE_X_FORWARDED_HOST = True
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
 
 
-- 
GitLab