2

Context

We have a Docker container running Django on Azure. The container is served through a Azure Application Gateway.

Because Django is behind a a proxy you should use use the USE_X_FORWARDED_HOST setting to let Django fetch the hostname from that header. See this link for the documentation:

https://docs.djangoproject.com/en/3.0/ref/settings/#std:setting-USE_X_FORWARDED_HOST

Unfortunartly the Azure Application Gateway cannot provide the X-Forwarded-Host header, it does however provide a X-Original-Host.

Source: https://learn.microsoft.com/en-us/azure/application-gateway/how-application-gateway-works#modifications-to-the-request

According to this medium the X-Forwarded-Host header must be set at the public internet facing proxy. So I can not set it on the Nginx proxy running inside the docker container. I have tried with the settings below on Nginx, i see the X-Forwarded-Host is set but it doesn't get picked up by Django.

location / {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Headers' 'authorization, content-type';
        add_header 'X-Forwarded-Host' 'www.mydomain.com';
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_pass http://backend_api$request_uri;
    }

And also tried with proxy_set_header X-Forwarded-Host www.mydomain.com. I see the header is set in the response, but Django doesn't use it for the absolute urls.

Question

How can i let django use the X-Orignal-Host instead of the X-Forwarded-Host header? or hardcode the hostname in another way? Preferably I do not want to use the django.contrib.sites module, because it is build for multisite content management.

Florian
  • 725
  • 6
  • 27
  • 1
    You could configure your HA proxy in front of django to transform your headers and set `X-Forwarded-Host` according to `X-Original-Host`. – nima Jan 27 '20 at 13:23
  • Whay do you mean by HA proxy? – Florian Jan 27 '20 at 14:12
  • Any kind of webservers like `nginx` or `apache` etc. – nima Jan 27 '20 at 14:34
  • I have tried. I see the header come up in the response, but Django doesn't use it. The nginx is not public and already behind the Application Gateway. So I think thats why it doesn't work, not 100% sure why not. See the medium article I shared. – Florian Jan 27 '20 at 14:50

1 Answers1

2

I have solved my problem by writing custom middleware that copies the X_Original_Host to X_Forwarded_Host.

Add a file middleware.py with this content:

class MultipleProxyMiddleware:
    FORWARDED_FOR_FIELDS = [
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED_HOST',
        'HTTP_X_FORWARDED_SERVER',
    ]

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        """
        Rewrites the proxy headers so that only the most
        recent proxy is used.
        """
        for field in self.FORWARDED_FOR_FIELDS:
            if field in request.META:
                if ',' in request.META[field]:
                    parts = request.META[field].split(',')
                    request.META[field] = parts[-1].strip()

        """
        Rewrites the X Original Host to X Forwarded Host header
        """
        if 'HTTP_X_ORIGINAL_HOST' in request.META:
            request.META['HTTP_X_FORWARDED_HOST'] = request.META['HTTP_X_ORIGINAL_HOST']

        return self.get_response(request)

And add it to your MIDDLEWARE settings:

MIDDLEWARE = [
    'wally.middleware.MultipleProxyMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    ....
]
Florian
  • 725
  • 6
  • 27