[asterisk-bugs] [JIRA] (ASTERISK-26355) ari: Swagger basePath url always set to http protocol

Dan Jenkins (JIRA) noreply at issues.asterisk.org
Mon Sep 12 02:54:01 CDT 2016


     [ https://issues.asterisk.org/jira/browse/ASTERISK-26355?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Jenkins updated ASTERISK-26355:
-----------------------------------

    Description: 
When asterisk http.conf is setup for TLS and HTTPS is available. The URL given in basePath of all of the ARI documents is set to http.

In http.conf I had set http to bind to 127.0.0.1 and https to bind to 0.0.0.0 so that you could only connect to Asterisk HTTP using https. 

However, the http protocol is hard coded in res/res_ari.c

We'd want to know which protocol was being used to access a document and use that protocol when rendering out the json documents because you may have http enabled and https enabled for different reasons under different domains etc.

Thinking about this some more, we would also want to look for the X-Forwarded-Proto header in case someone is terminating HTTPS at a HTTP Reverse-Proxy such as nginx

  was:
When asterisk http.conf is setup for TLS and HTTPS is available. The URL given in basePath of all of the ARI documents is set to http.

In http.conf I had set http to bind to 127.0.0.1 and https to bind to 0.0.0.0 so that you could only connect to Asterisk HTTP using https. 

However, the http protocol is hard coded in res/res_ari.c

We'd want to know which protocol was being used to access a document and use that protocol when rendering out the json documents because you may have http enabled and https enabled for different reasons under different domains etc.


> ari: Swagger basePath url always set to http protocol
> -----------------------------------------------------
>
>                 Key: ASTERISK-26355
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26355
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_ari
>    Affects Versions: 12.8.2, 13.11.2, 14.0.0-beta2
>            Reporter: Dan Jenkins
>
> When asterisk http.conf is setup for TLS and HTTPS is available. The URL given in basePath of all of the ARI documents is set to http.
> In http.conf I had set http to bind to 127.0.0.1 and https to bind to 0.0.0.0 so that you could only connect to Asterisk HTTP using https. 
> However, the http protocol is hard coded in res/res_ari.c
> We'd want to know which protocol was being used to access a document and use that protocol when rendering out the json documents because you may have http enabled and https enabled for different reasons under different domains etc.
> Thinking about this some more, we would also want to look for the X-Forwarded-Proto header in case someone is terminating HTTPS at a HTTP Reverse-Proxy such as nginx



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list