adds x_header configuration option for use behind proxies

Closes #299

Author: vlaurenzano

kernel_gateway/gatewayapp.py

@@ -2,22 +2,23 @@
 # Distributed under the terms of the Modified BSD License.
 """Kernel Gateway Jupyter application."""
 
-import os
-import socket
 import errno
-import logging
-import nbformat
 import importlib
+import logging
+import os
 import signal
+import socket
+from distutils.util import strtobool
 
+import nbformat
 from notebook.services.kernels.kernelmanager import MappingKernelManager
 
 try:
     from urlparse import urlparse
 except ImportError:
     from urllib.parse import urlparse
 
-from traitlets import Unicode, Integer, default, observe, Type, Instance, List
+from traitlets import Unicode, Integer, default, observe, Type, Instance, List, CBool
 
 from jupyter_core.application import JupyterApp, base_aliases
 from jupyter_client.kernelspec import KernelSpecManager
@@ -174,6 +175,15 @@ def allow_origin_default(self):
     def expose_headers_default(self):
         return os.getenv(self.expose_headers_env, '')
 
+    trust_xheaders_env = 'KG_TRUST_XHEADERS'
+    trust_xheaders = CBool(False, config=True,
+        help='Use x-* header values for overriding the remote-ip, useful when application is behing a proxy. (KG_TRUST_XHEADERS env var)'
+    )
+    @default('trust_xheaders')
+    def trust_xheaders_default(self):
+        return strtobool(os.getenv(self.trust_xheaders_env, 'False'))
+
+
     max_age_env = 'KG_MAX_AGE'
     max_age = Unicode(config=True,
         help='Sets the Access-Control-Max-Age header. (KG_MAX_AGE env var)'
@@ -505,6 +515,7 @@ def init_http_server(self):
         """
         ssl_options = self._build_ssl_options()
         self.http_server = httpserver.HTTPServer(self.web_app,
+                                                 xheaders=self.trust_xheaders,
                                                  ssl_options=ssl_options)
 
         for port in random_ports(self.port, self.port_retries+1):

kernel_gateway/tests/test_gatewayapp.py

@@ -43,6 +43,8 @@ def test_config_env_vars(self):
         os.environ['KG_KEYFILE'] = '/test/fake.key'
         os.environ['KG_CERTFILE'] = '/test/fake.crt'
         os.environ['KG_CLIENT_CA'] = '/test/fake_ca.crt'
+        os.environ['KG_TRUST_XHEADERS'] = 'false'
+
 
         app = KernelGatewayApp()
 
@@ -65,6 +67,17 @@ def test_config_env_vars(self):
         self.assertEqual(app.keyfile, '/test/fake.key')
         self.assertEqual(app.certfile, '/test/fake.crt')
         self.assertEqual(app.client_ca, '/test/fake_ca.crt')
+        self.assertEqual(app.trust_xheaders, False)
+
+    def test_trust_xheaders(self):
+
+        app = KernelGatewayApp()
+        self.assertEqual(app.trust_xheaders, False)
+        os.environ['KG_TRUST_XHEADERS'] = 'true'
+        app = KernelGatewayApp()
+        self.assertEqual(app.trust_xheaders, True)
+
+
 
 class TestGatewayAppBase(AsyncHTTPTestCase, ExpectLog):
     """Base class for integration style tests using HTTP/Websockets against an