Context Navigation

Modify ↓

#13415 closed defect (fixed)

tracd is redirecting to http when using https

Reported by:	jkoan@…	Owned by:	Jun Omae
Priority:	normal	Milestone:	1.4.4
Component:	web frontend/tracd	Version:	1.4
Severity:	normal	Keywords:	https, redirect
Cc:		Branch:
Release Notes:	Fix wrong redirect when `tracd` serves https protocol.
API Changes:
Internal Changes:

Description (last modified by Jun Omae)

Hi,

we are using tracd for a small internal team on a non standard port. Recently we switched to https for internal reasons. So we added the required parameters to tracd and restarted. At first glance everything was fine. But after some days we noticed that sometimes Trac was sending us back to http. First we thought about the browser cache. But after some debugging I found out that trac was redirecting us to http via the Location http header.

The first solution was to switch use_base_url_for_redirect on inside [trac] But due to the concerns about use_base_url_for_redirect from the docs i wanted to find a better solution.

So i debugged and found out that the scheme=http is set from the WSGIGateway.__init__ where some additional checks are also performt. One of those is if the environment has the Variable HTTPS set to "yes". So i added a workaround to tracd (trac.web.standalone)

I added the following to the case where httpd.socket = ssl.wrap_socket(...) is also called as this seems appropriate.

httpd.environ["HTTPS"]="yes"

Attachments (0)

Change History (6)

comment:1 by Jun Omae, 3 years ago

Description:	modified (diff)
Keywords:	wsgi http removed

follow-up: 4 comment:2 by Jun Omae, 3 years ago

Are you saying you've patched like this?

trac/web/standalone.py

diff --git a/trac/web/standalone.py b/trac/web/standalone.py
index 5b41b6802..41a414acc 100755

                def main():
                 httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True,
                                                certfile=args.certfile,
                                                keyfile=args.keyfile)
+                httpd.environ['HTTPS'] = 'yes'
             httpd.serve_forever()
     elif args.protocol in ('scgi', 'ajp', 'fcgi'):
         def serve():

comment:3 by Jun Omae, 3 years ago

Milestone:	→ 1.4.4
Owner:	set to Jun Omae
Status:	new → assigned

Well, that makes sense.

in reply to: 2 comment:4 by jkoan@…, 3 years ago

Replying to Jun Omae:

Are you saying you've patched like this?
trac/web/standalone.py
diff --git a/trac/web/standalone.py b/trac/web/standalone.py
index 5b41b6802..41a414acc 100755
a b def main():

346 346 httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True,

347 347 certfile=args.certfile,

348 348 keyfile=args.keyfile)

349 httpd.environ['HTTPS'] = 'yes'

349 350 httpd.serve_forever()

350 351 elif args.protocol in ('scgi', 'ajp', 'fcgi'):

351 352 def serve():

exactly

comment:5 by Jun Omae, 3 years ago

Keywords:	tracd removed
Release Notes:	modified (diff)
Resolution:	→ fixed
Status:	assigned → closed

Committed in [17558] and merged in [17559].

comment:6 by Jun Omae, 3 years ago

Release Notes:	modified (diff)

Modify Ticket

Change Properties

Summary:
Description:	Hi, we are using `tracd` for a small internal team on a non standard port. Recently we switched to https for internal reasons. So we added the required parameters to `tracd` and restarted. At first glance everything was fine. But after some days we noticed that sometimes Trac was sending us back to http. First we thought about the browser cache. But after some debugging I found out that trac was redirecting us to http via the Location http header. The first solution was to switch `use_base_url_for_redirect` on inside `[trac]` But due to the concerns about `use_base_url_for_redirect` from the docs i wanted to find a better solution. So i debugged and found out that the `scheme=http` is set from the `WSGIGateway.__init__` where some additional checks are also performt. One of those is if the environment has the Variable `HTTPS` set to `"yes"`. So i added a workaround to `tracd` (trac.web.standalone) I added the following to the case where `httpd.socket = ssl.wrap_socket(...)` is also called as this seems appropriate. {{{#!python httpd.environ["HTTPS"]="yes" }}} You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:	Fix wrong redirect when `tracd` serves https protocol.
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Jun Omae.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Jun Omae to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats:

Context Navigation

#13415 closed defect (fixed)

tracd is redirecting to http when using https

Description (last modified by Jun Omae)

Attachments (0)

Change History (6)

comment:1 by Jun Omae, 3 years ago

follow-up: 4 comment:2 by Jun Omae, 3 years ago

trac/web/standalone.py

comment:3 by Jun Omae, 3 years ago

in reply to: 2 comment:4 by jkoan@…, 3 years ago

trac/web/standalone.py

comment:5 by Jun Omae, 3 years ago

comment:6 by Jun Omae, 3 years ago

Modify Ticket

Add Comment

by anonymous

Download in other formats: