Edgewall Software
Modify

Opened 2 months ago

Closed 6 weeks ago

Last modified 6 weeks ago

#13415 closed defect (fixed)

tracd is redirecting to http when using https

Reported by: jkoan@… Owned by: Jun Omae
Priority: normal Milestone: 1.4.4
Component: web frontend/tracd Version: 1.4
Severity: normal Keywords: https, redirect
Cc: Branch:
Release Notes:

Fix wrong redirect when tracd serves https protocol.

API Changes:
Internal Changes:

Description (last modified by Jun Omae)

Hi,

we are using tracd for a small internal team on a non standard port. Recently we switched to https for internal reasons. So we added the required parameters to tracd and restarted. At first glance everything was fine. But after some days we noticed that sometimes Trac was sending us back to http. First we thought about the browser cache. But after some debugging I found out that trac was redirecting us to http via the Location http header.

The first solution was to switch use_base_url_for_redirect on inside [trac] But due to the concerns about use_base_url_for_redirect from the docs i wanted to find a better solution.

So i debugged and found out that the scheme=http is set from the WSGIGateway.__init__ where some additional checks are also performt. One of those is if the environment has the Variable HTTPS set to "yes". So i added a workaround to tracd (trac.web.standalone)

I added the following to the case where httpd.socket = ssl.wrap_socket(...) is also called as this seems appropriate.

httpd.environ["HTTPS"]="yes"

Attachments (0)

Change History (6)

comment:1 by Jun Omae, 2 months ago

Description: modified (diff)
Keywords: wsgi http removed

comment:2 by Jun Omae, 2 months ago

Are you saying you've patched like this?

  • trac/web/standalone.py

    diff --git a/trac/web/standalone.py b/trac/web/standalone.py
    index 5b41b6802..41a414acc 100755
    a b def main():  
    346346                httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True,
    347347                                               certfile=args.certfile,
    348348                                               keyfile=args.keyfile)
     349                httpd.environ['HTTPS'] = 'yes'
    349350            httpd.serve_forever()
    350351    elif args.protocol in ('scgi', 'ajp', 'fcgi'):
    351352        def serve():

comment:3 by Jun Omae, 2 months ago

Milestone: 1.4.4
Owner: set to Jun Omae
Status: newassigned

Well, that makes sense.

in reply to:  2 comment:4 by jkoan@…, 2 months ago

Replying to Jun Omae:

Are you saying you've patched like this?

  • trac/web/standalone.py

    diff --git a/trac/web/standalone.py b/trac/web/standalone.py
    index 5b41b6802..41a414acc 100755
    a b def main():  
    346346                httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True,
    347347                                               certfile=args.certfile,
    348348                                               keyfile=args.keyfile)
     349                httpd.environ['HTTPS'] = 'yes'
    349350            httpd.serve_forever()
    350351    elif args.protocol in ('scgi', 'ajp', 'fcgi'):
    351352        def serve():

exactly

comment:5 by Jun Omae, 6 weeks ago

Keywords: tracd removed
Release Notes: modified (diff)
Resolution: fixed
Status: assignedclosed

Committed in [17558] and merged in [17559].

comment:6 by Jun Omae, 6 weeks ago

Release Notes: modified (diff)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jun Omae.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jun Omae to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.