You are here: Foswiki>Tasks Web>Item2597 (09 Jan 2015, GeorgeClark)Edit Attach

Item2597: login script redirect sometimes misses hostname part

pencil
Priority: Normal
Current State: No Action Required
Released In: n/a
Target Release: n/a
Applies To: Engine
Component: login
Branches:
Reported By: PaulHarvey
Waiting For:
Last Change By: GeorgeClark
This is really hard to reproduce. We have had users on IRC occasionally come in to talk about this, but nobody has been able to reproduce. Now I can reliably trigger it on a test installation of Foswiki 1.0.9-rc1 which runs in parallel to my production 1.0.8 installation.

This is not the normal sequence of events that naturally occur to trigger the bug; I can never quite remember how this pops up in normal use. I also use an unorthodox apache config (my own variant of ShortURLs)

So the following steps should not be discounted as an unlikely sequence; it's just another method of reproducing the bug.

  • Logged out
  • Edit a topic
  • Redirected to login prompt URL:
    https://wiki.org/test/bin/login/Main/PaulHarvey?t=1262758695;origurl=/test/bin/edit/Main/PaulHarvey%3ft%3d1262758695
  • Insert a '/' at beginning of origurl param, as follows:
    https://wiki.org/test/bin/login/Main/PaulHarvey?t=1262758695;origurl=//test/bin/edit/Main/PaulHarvey%3ft%3d1262758695
  • Hit enter in the address bar (Iceweasel 3.0.12)
  • Enter login details, submit
  • Browser redirected to a URL without hostname, Ie.:
    https://test/bin/edit/Main/PaulHarvey?foswiki_redirect_cache=deadbeef1234567890abcdef

Confirmed on a vanilla out of the box Foswiki-1.0.9-rc1, will attach apache config

-- PaulHarvey - 06 Jan 2010


I can't see much wrong with that. The protocol is optional, and an absolute URL can simply be a double-slash and a server name, optionally followed by a path on that server. By adding the extra / at the start of the URL, you are changing it from a URL that is relative to the current server, to an absolute URL on server 'test'.

I'm sure you are seeing a bug somewhere, but you are not reproducing it above, as the code correctly handles your edited URL.

With regards to the "real" bug, are you using URL rewriting?

-- CrawfordCurrie - 06 Jan 2010

Yes, I am using URL re-writing. I am pretty sure that each case of missing hostname redirects that I've had are a result of // URLs. But these aren't necessarily a result of dodgy apache rules, Eg.,

Is '//' really the way the origurl takes you to an absolute URL? Shouldn't it have a full protocol:// specification instead?

I've had at least one user on my own wiki come across this problem. It was with an attachment. They said it didn't work the first time they clicked, but did when they tried again. I suppose this person was logged in the second time they tried to access the protected attachment URL. I am grepping my server logs for clues.

-- PaulHarvey - 06 Jan 2010

The problem seems to be the redirect to the // instead of just /

Either we have a bug in redirect code or a bug in the recommended way to setup short URLs.

I would hope there is a ApacheConfigGenerator fix for this and I doubt this is a new thing in 1.0.9.

In fact - does the current ApacheConfigGenerator generate rewrite rules that makes double //?

This foswiki.org site does not do it.

-- KennethLavrsen - 07 Jan 2010

Paul explained what the actual use case it.

People simply use the form http://somehost/%SCRIPTURLPATH{"edit"}%/%WEB%/%TOPIC% because this looks natual. But the SCRIPTURLPATH starts by a / and this creates the //

I think it should be addressed. But it is not an urgent bug because correct use of SCRIPTURLPATH works. Downgrading to normal.

-- KennethLavrsen - 09 Jan 2010

IRC chat today points to RedirectPlugin as another culprit, generating foo.com//urls

-- PaulHarvey - 17 Feb 2010

Give Tasks.Item8599 a look if somebody is looking at fixing this (probably me I suppose)

-- PaulHarvey - 22 Feb 2010

See also: Item2288 and Item2083

-- PaulHarvey - 21 Apr 2010

This is still happening on trunk r7231

Patch below "fixes" the problem... personally I think it's an acceptable solution:
  • It's the web browser here trying to interpret //foo/bar as an absolute URL.
  • In that situation there is nothing you can do in Foswiki to even detect you are getting these errors:
    • there are no log hits, browser is trying to access a null hostname
    • your only feedback will be from users
      • who may or may not get around to informing a site admin
      • because their second attempt at visiting a foo.com//foo/bar link will mysteriously work after having logged in
      • even if they do inform the site admin that "the link went blank" (will they mention it was blank after log-in?), will they remember which "bad' link they clicked?

On my own wiki, we've had a person originally create a topic which used something like
[[%PUBURLPATH%/Foo/Bar]]
. Also, in some circumstances (Item8551) RedirectPlugin will happily generate //links through no fault of the user.

On the other hand, I can appreciate that second-guessing URL strings could be considered bad.


Adds a test:

-- PaulHarvey - 21 Apr 2010

Not sure why this was left waiting for me, I don;t have any more to offer on it....

-- CrawfordCurrie - 23 May 2010

You gave me feedback on IRC instead of here. You said it would be better to emit an inline error if a link is generated than patch up the redirect logic.

I don't think this will catch as many scenarios as first patch here would (eg. manual < a href="//link... vs [[//link]] ), but it would be better than nothing.

-- PaulHarvey - 24 May 2010

This still fails in 1.1.3beta1 - the redirect looses the hostname. From chrome: The webpage at http://bin/edit/Tasks/Item2597?validation_key=23bf824759ff1e187e4428d0d78e8ee2

-- GeorgeClark - 13 Mar 2011

I believe that this is resolved on 1.2. The origurl parameter is no longer passed as a query parm in the location bar.

-- GeorgeClark - 09 Jan 2015

ItemTemplate edit

Summary login script redirect sometimes misses hostname part
ReportedBy PaulHarvey
Codebase 1.0.9, trunk
SVN Range
AppliesTo Engine
Component login
Priority Normal
CurrentState No Action Required
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn n/a
CheckinsOnBranches
trunkCheckins
masterCheckins
ItemBranchCheckins
Release01x01Checkins
I Attachment Action Size Date Who Comment
Item2597.diffdiff Item2597.diff manage 2 K 21 Apr 2010 - 06:09 PaulHarvey  
foswiki-109.confconf foswiki-109.conf manage 7 K 06 Jan 2010 - 06:44 PaulHarvey  
Topic revision: r14 - 09 Jan 2015, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy