From d77fe9c1853b046fb97f77e96416c4bcdf7de4d8 Mon Sep 17 00:00:00 2001
From: Antony Lesuisse
Date: Mon, 24 Sep 2012 12:56:22 +0200
Subject: [PATCH] [FIX] restore poxy-mode command line option to prevent ip address impersonation
bzr revid: al@openerp.com-20120924105622-nb3iwe1vnuffqrbm
---
 openerp/service/wsgi_server.py | 2 +-
 openerp/tools/config.py | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/openerp/service/wsgi_server.py b/openerp/service/wsgi_server.py
index 61556974a00..a73617d8510 100644
--- a/openerp/service/wsgi_server.py
+++ b/openerp/service/wsgi_server.py
@@ -402,7 +402,7 @@ def application_unproxied(environ, start_response):
 return [response]
 def application(environ, start_response):
- if 'HTTP_X_FORWARDED_HOST' in environ:
+ if config['proxy_mode'] and 'HTTP_X_FORWARDED_HOST' in environ:
 return werkzeug.contrib.fixers.ProxyFix(application_unproxied)(environ, start_response)
 else:
 return application_unproxied(environ, start_response)
diff --git a/openerp/tools/config.py b/openerp/tools/config.py
index 58d1d3c9c82..18b442221c9 100644
--- a/openerp/tools/config.py
+++ b/openerp/tools/config.py
@@ -116,6 +116,8 @@ class configmanager(object):
 help="specify the TCP port for the XML-RPC protocol", type="int")
 group.add_option("--no-xmlrpc", dest="xmlrpc", action="store_false", my_default=True,
 help="disable the XML-RPC protocol")
+ group.add_option("--proxy-mode", dest="proxy_mode", action="store_true", my_default=False,
+ help="Enable correct behavior when behind a reverse proxy")
 parser.add_option_group(group)
 # XML-RPC / HTTPS
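Review bot: With `proxy_mode` on, `application` in openerp/service/wsgi_server.py still decides from `HTTP_X_FORWARDED_HOST`, a header any client can send, so a request that reaches the server without passing through the proxy is rewritten from its own `X-Forwarded-*` values. The option is therefore only safe when the server is reachable solely through a proxy that sets or overwrites those headers, and neither the new condition nor the `--proxy-mode` help text added in openerp/tools/config.py says so. A comment above the `if` would record the assumption: `# proxy_mode trusts X-Forwarded-* from every peer; enable only when all traffic arrives via a proxy that overwrites them`. The help string could state the same for operators, for example `help="Trust X-Forwarded-* headers; enable only when all requests arrive through a reverse proxy that sets them"`.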
@@ -394,7 +396,7 @@ class configmanager(object): 'language', 'translate_out', 'translate_in', 'overwrite_existing_translations', 'debug_mode', 'smtp_ssl', 'load_language', 'stop_after_init', 'logrotate', 'without_demo', 'netrpc', 'xmlrpc', 'syslog', - 'list_db', 'xmlrpcs', + 'list_db', 'xmlrpcs', 'proxy_mode', 'test_file', 'test_enable', 'test_commit', 'test_report_directory', 'osv_memory_count_limit', 'osv_memory_age_limit', 'max_cron_threads', 'unaccent', 'workers', 'limit_memory_hard', 'limit_memory_soft', 'limit_time_cpu', 'limit_time_real', 'limit_request'