Oauth2 redirect_uri has https but still on port 80

[mirkomarchiori]

Hi, I am using the Oauth2 integration and Superset is installed on Kubernetes (Ingress nginx with use-forwarded-headers enabled) and SSL termination is done on an external HAProxy instance that is balancing the cluster's worker nodes.

I have the ENABLE_PROXY_FIX = True parameter set, which configures the redirect_uri value with https, but the problem is that for some reason the URL is set with the port :80, therefore superset still advertises the redirect url to the oauth2 server like this: https://<FQDN REDACTED>:80/<PATH REDACTED>, which breaks the authentication.

I've tried with and without the ENABLE_PROXY_FIX variable, and also by setting the redirect_uri inside oauth2 provider remote_app section of the python code (in the helm chart values), but nothing makes it change that port.

For this reason, I think this is not related to a faulty proxy/headers setting.

Am I doing something wrong? Do I need to configure something on superset? I didn't find any info on this on the documentation or on previous issues.

Thanks.

[dosubot[bot]]

Hello @mirkomarchiori! I'm here to assist you with any bugs, questions, or contributions. Let's tackle this OAuth2 issue together.

I found a similar unsolved discussion titled "Superset redirects to http from https" which might be related to your issue ^[1].

Regarding your issue with the redirect_uri using port 80 despite SSL termination being handled externally, the ENABLE_PROXY_FIX setting should indeed help Superset correctly interpret the X-Forwarded headers, including the port. However, if this is not resolving the issue, you might want to check the configuration of your Ingress controller and HAProxy to ensure they are correctly setting the X-Forwarded-Port header.

Additionally, ensure that the PROXY_FIX_CONFIG in your superset_config.py is set to consider the x_port header:

PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefix": 1}

This configuration should help Superset use the correct port in the redirect_uri. If the issue persists, it might be worth reviewing the HAProxy configuration to ensure it is not inadvertently setting or overriding the port in the headers.

To continue talking to Dosu, mention @dosu.

---

^{Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other}

[mirkomarchiori]

Tried both, but it doesn't make any difference.

[mirkomarchiori]

Actually, setting "x_port": 0 in PROXY_FIX_CONFIG solved the issue, as mentioned by this comment: #17126 (comment)