summary refs log tree commit diff
diff options
context:
space:
mode:
authorRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2021-02-26 13:24:54 +0000
committerGitHub <noreply@github.com>2021-02-26 13:24:54 +0000
commite53f11bd62b3fbf5ae3def707998235e63e82afa (patch)
treeaa45c7dcaa9d0d0db3201a347744ef7c1fa20521
parentTest that we require validated email for email pushers (#9496) (diff)
downloadsynapse-e53f11bd62b3fbf5ae3def707998235e63e82afa.tar.xz
Call out the need for an X-Forwarded-Proto in the upgrade notes (#9501)
-rw-r--r--CHANGES.md6
-rw-r--r--UPGRADE.rst20
-rw-r--r--changelog.d/9472.feature2
-rw-r--r--changelog.d/9501.feature1
4 files changed, 28 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md
index d584d342d7..d9ecbac440 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,9 @@
+Synapse 1.xx.0
+==============
+
+Note that synapse now expects an `X-Forwarded-Proto` header when used with a reverse proxy. Please see [UPGRADE.rst](UPGRADE.rst#upgrading-to-v1290) for more details on this change.
+
+
 Synapse 1.28.0 (2021-02-25)
 ===========================
 
diff --git a/UPGRADE.rst b/UPGRADE.rst
index 6f628a6947..e852b806c2 100644
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -85,6 +85,26 @@ for example:
      wget https://packages.matrix.org/debian/pool/main/m/matrix-synapse-py3/matrix-synapse-py3_1.3.0+stretch1_amd64.deb
      dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
 
+Upgrading to v1.29.0
+====================
+
+Requirement for X-Forwarded-Proto header
+----------------------------------------
+
+When using Synapse with a reverse proxy (in particular, when using the
+`x_forwarded` option on an HTTP listener), Synapse now expects to receive an
+`X-Forwarded-Proto` header on incoming HTTP requests. If it is not set, Synapse
+will log a warning on each received request.
+
+To avoid the warning, administrators using a reverse proxy should ensure that
+the reverse proxy sets `X-Forwarded-Proto` header to `https` or `http` to
+indicate the protocol used by the client. See the [reverse proxy
+documentation](docs/reverse_proxy.md), where the example configurations have
+been updated to show how to set this header.
+
+(Users of `Caddy <https://caddyserver.com/>`_ are unaffected, since we believe it
+sets `X-Forwarded-Proto` by default.)
+
 Upgrading to v1.27.0
 ====================
 
diff --git a/changelog.d/9472.feature b/changelog.d/9472.feature
index 2ea14e2d62..06cfd5d199 100644
--- a/changelog.d/9472.feature
+++ b/changelog.d/9472.feature
@@ -1 +1 @@
-Add support for `X-Forwarded-Proto` header when using a reverse proxy. Administrators using a reverse proxy should ensure this header is set to avoid warnings. See [docs/workers.md](docs/workers.md) for example configurations.
+Add support for `X-Forwarded-Proto` header when using a reverse proxy.
diff --git a/changelog.d/9501.feature b/changelog.d/9501.feature
new file mode 100644
index 0000000000..06cfd5d199
--- /dev/null
+++ b/changelog.d/9501.feature
@@ -0,0 +1 @@
+Add support for `X-Forwarded-Proto` header when using a reverse proxy.