From 56e75e4aef3ea42d13b192e805c48357b0071239 Mon Sep 17 00:00:00 2001
From: Jens Harbott <frickler@offenerstapel.de>
Date: Tue, 28 Sep 2021 20:02:34 +0200
Subject: [PATCH] Fix uwsgi config for trailing slashes

The apache mod_proxy documentation[0] says that trailing slashes need to
match for the ProxyPass statement. Since adding a slash to the redirected
url would break things that need to access endpoints like /identity
without anything added, we need to drop the trailing slash for the
target URL. See [1] for the discussion of the CVE fix that changed the
previous behavior.

[0] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass
[1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274

Depends-On: https://review.opendev.org/c/openstack/devstack/+/811389
Change-Id: Ia6b1a41957833fba87a2e6f048d2483267632385
---
 lib/apache | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/apache b/lib/apache
index 04259ba31f..4bea07dc55 100644
--- a/lib/apache
+++ b/lib/apache
@@ -303,7 +303,7 @@ function write_uwsgi_config {
         apache_conf=$(apache_site_config_for $name)
         iniset "$file" uwsgi socket "$socket"
         iniset "$file" uwsgi chmod-socket 666
-        echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf
+        echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}\" retry=0 " | sudo tee -a $apache_conf
         enable_apache_site $name
         restart_apache_server
     fi