From f66cde51d7db0e47a0decedea3796759a2cb495c Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Tue, 13 Feb 2024 11:28:12 -0500 Subject: [PATCH] More locked down websocket path * Previously, the nginx location would match on /foo/websocket... or /foo/api/websocket... Now, we require these two paths to start at the root i.e. /websocket/... /api/websocket/... * Note: We now also require an ending / and do NOT support /websocket_foobar but DO support /websocket/foobar. This was always the intended behavior. We want to keep /api/websocket/... "open" and routing to daphne in case we want to add more websocket urls in the future. --- .../ansible/roles/sources/templates/nginx.locations.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/docker-compose/ansible/roles/sources/templates/nginx.locations.conf.j2 b/tools/docker-compose/ansible/roles/sources/templates/nginx.locations.conf.j2 index 95c86cb9ee..fd2b89a691 100644 --- a/tools/docker-compose/ansible/roles/sources/templates/nginx.locations.conf.j2 +++ b/tools/docker-compose/ansible/roles/sources/templates/nginx.locations.conf.j2 @@ -10,7 +10,7 @@ location {{ (ingress_path + '/favicon.ico').replace('//', '/') }} { alias /awx_devel/awx/public/static/favicon.ico; } -location ~ ({{ (ingress_path + '/websocket').replace('//', '/') }}|{{ (ingress_path + '/api/websocket').replace('//', '/') }}) { +location ~ ^({{ (ingress_path + '/websocket/').replace('//', '/') }}|{{ (ingress_path + '/api/websocket/').replace('//', '/') }}) { # Pass request to the upstream alias proxy_pass http://daphne; # Require http version 1.1 to allow for upgrade requests