[tahoe-lafs-trac-stream] [Tahoe-LAFS] #1928: web redirects should use relative URLs

Tahoe-LAFS trac at tahoe-lafs.org
Sun Jan 31 14:24:57 UTC 2016 

#1928: web redirects should use relative URLs
-----------------------------------+----------------------------------
     Reporter:  leif               |      Owner:  davidsarah
         Type:  defect             |     Status:  assigned
     Priority:  normal             |  Milestone:  soon
    Component:  code-frontend-web  |    Version:  1.9.2
   Resolution:                     |   Keywords:  http redirect webapi
Launchpad Bug:                     |
-----------------------------------+----------------------------------

Comment (by leif):

 Replying to [comment:9 lpirl]:
 > As a workaround, you can make nginx modify responses accordingly, for
 example:
 >
 > {{{proxy_redirect http://example.com:8080/ http://example.com/;}}}
 >
 > See also
 [http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect
 nginx docs]

 I was going to suggest this should be added to [https://tahoe-
 lafs.org/pipermail/tahoe-dev/2012-January/007010.html lafs-rpg] until this
 bug is fixed... but then I decided to do some digging and see if the bug
 would actually be difficult to fix in Tahoe.

 What I found is that, at least with Twisted 13.0.0 and Nevow 0.11.1, the
 correct port number form the request's `Host` header is now included in
 the reponse's `Location` header! **So, the workarounds shouldn't be
 necessary anymore and we can put HTTP proxies in front of our web gateways
 and not end up with broken redirects.**

 Here is what I found while trying to determine how these redirects are
 made:

 * Various objects in Tahoe (in places like [https://github.com/tahoe-lafs
 /tahoe-lafs/blob/master/src/allmydata/web/directory.py#L578 directory.py])
 subclass Nevow's `rend.Page` and use its `addSlash` feature.
 * Nevow's
 [https://github.com/twisted/nevow/blob/397f5f789753a919c6f21b58a487db1b9fe8567a/nevow/rend.py#L540
 rend.Page] then calls `request.URLPath()` which I believe is from
 [https://twistedmatrix.com/trac/browser/tags/releases/twisted-15.5.0/twisted/web/server.py#L434
 twisted.web.server.Request.URLPath], which calls
 [https://twistedmatrix.com/trac/browser/tags/releases/twisted-15.5.0/twisted/python/urlpath.py#L174
 twisted.python.urlpath.URLPath.fromRequest] which calls back to
 [https://twistedmatrix.com/trac/browser/tags/releases/twisted-15.5.0/twisted/web/server.py#L430
 twisted.web.server.Request.prePathURL] which calls `_prePathURL` which
 finally calls
 [https://twistedmatrix.com/documents/current/api/twisted.web.http.Request.html#getHost
 twisted.web.http.Request.getHost] which returns a
 [https://twistedmatrix.com/documents/current/api/twisted.internet.tcp.Port.html
 twisted.internet.tcp.Port] from which it (`Request.getHost`) brazenly
 accesses the apparently-undocumented instance attribute `port` and stuffs
 it in a URL.
  * I was going to say this seems problematic as it would prevent Twisted's
 webserver from being run on other transports, like a UNIX Socket. So I
 created an example of that with `mkdir -p foo/bar; twistd -n web -p
 unix://tmp/unixweb  --path foo` and a made a TCP-to-unix proxy with `socat
 TCP4-LISTEN:8080,fork,reuseaddr unix://tmp/unixweb` and then sent a
 request with `curl -v http://127.0.0.1:8080/bar` ... but much to my
 surprise I got a response with `Location: http://127.0.0.1:8080/bar/`! So
 then I tested with Tahoe using my original instructions in this ticket
 description and found that the correct port number is now there as well.
 From reading the code I linked to above I'm not actually sure how this is
 happening, but it is.
   * I did find a case where a Twisted webserver listening on a UNIX socket
 produces bad redirects, though: When there are `HTTP/1.0` requests
 (meaning, without a `Host` header), the `Location` header in the response
 begins with `http://None/`).
  * I wonder if Twisted actually needs to make absolute redirects for some
 reason, or if it would be OK for it to start making relative redirects all
 the time?
 * For more gory details of `addSlash`, check out warner's
 [https://github.com/twisted/nevow/issues/52 Nevow issue #52: deprecation
 warning in addSlash redirects on py2.6], regarding Tahoe issue #2312.

 Anyway, although this problem is now not so bad anymore, I'm not going to
 close this ticket because I still think we should have relative redirects
 everywhere. Hopefully the links above will help me or someone else figure
 out how to make that happen in the future.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1928#comment:10>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage

More information about the tahoe-lafs-trac-stream mailing list