Invalid URL error accurs only with Apache and mod_wsgi
#1
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I'm experiencing a problem that appears only when I run it with Apache and
mod_wsgi
. Generally the website runs fine (it looks and feels great BTW, good job!) but in production mode, when I click on the setup button, I don't get forwarded to the elements choice page - nothing happens and I can see this debug message in my apache logs:From some reason the double
/
afterhttps
becomes a single/
and the URL is marked as invalid. There is no error message or something alike printed in the website telling the user there is a problem with the URL so that's another problem.Here is the relevant part of my
httpd.conf
:I have successfully managed to reproduce this issue using Apache2+mod_wsgi and can confirm the issue. However, it is not related to HRSS but to Apache2 which removes duplicate slashes (like in
http://
) because of the following RFC 1630 :Since the slashes are implying a hierarchical structure is /foo//bar is
equivalent in the hierarchy to /foo/bar.
Apache is implementing this RFC statement very carefully, unlike nginx which is more permissive.
The issue would be resolved by using POST requests instead of GET requests which would mean the links as in
/setup/<url>
would not be shareable anymore (is it really a problem?).Wow, well done on the investigation! As for your question, using
POST
instead ofGET
won't matter too much for me. Not having the ability to use the/setup/<url>
links is a price I'm willing to pay. I wonder though if there's a workaround for that..Hello again, @hipstercat.
Today I've encountered a web app written in Go called bugzillatoatom which does a similar job to hrss. I noticed that it accepts a URL in a form and redirects you to an RSS page. I think it uses
POST
but it converts the special characters like/
and:
in the input URL to their corresponding URL percent codes.Do you think this method could be used in Hrss as well? This should work as a workaround for this problem as well right?
Thanks.
Autoclosed the issue by mistake. I implemented this workaround in commit
7872bd31af
Does it work on your end now?
The redirect to the setup page works well with the encoded URL but I don't see any HTML inside the element selection.
Should be fixed by
64f6e33b34
It is okay for you?
Still the same.
The iframe URL is still not urlencoded like this?
It's encoded OK. The problem wasn't that, It was a Cross origin resource sharing denial. Here's an error message from the element inspector:
I've partly solved by adding to my
httpd.conf
:Which removed the error message but from some reason the webpages inside the frame don't have any CSS applied to them:
And that was solved by adding to
httpd.conf
:I see this issue as solved, unless you have anything to add?
Looks like you had Apache options which conflicted with HRSS. X-Frame-Options is a HTTP header which restricts the use of iframes. The default is to permit iframe on most websites, unless specified by this directive. This issue happens because of extended security you have set on your Apache installation, which has nothing to do with HRSS unfortunately.
As a result, I can indeed close this ticket. Thank you for the reporting the initial issue.