#8131 closed defect (fixed)
Protocol http is hard coded in rss feeds.
| Reported by: | Owned by: | Jun Omae | |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12.3 |
| Component: | web frontend | Version: | 0.11 |
| Severity: | normal | Keywords: | rss http timeline |
| Cc: | carsten.klein@…, Thijs Triemstra | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
When downloading a rss feed from reports page , all links inside the rss always begin with http. But if the Trac site is served via https, then generated links are wrong.
Trac: 0.11
Python: 2.5.2 (r252:60911, Apr 21 2008, 11:12:42)
[GCC 4.2.3 (Ubuntu 4.2.3-2ubuntu7)]
setuptools: 0.6c9
SQLite: 3.5.9
pysqlite: 2.4.1
Genshi: 0.6dev-r999
Pygments: 1.0
Subversion: 1.5.1 (r32289)
jQuery: 1.2.3
It looks like:
<?xml version="1.0"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">
<channel>
<title>Trac: Ticket Query</title>
<link>http://mysite.com:8007/cgi-bin/trac.cgi/query?status=accepted&status=assigned&
status=new&status=reopened&status=testing&
group=functionalarea&milestone=Testing&row=description</link>
<description>Issues Tracking Portal</description>
<language>en-US</language>
<image>
<title>Trac</title>
<url>http://mysite.com:8007/cgi-bin/trac.cgi/chrome/site/logo.jpg</url>
<link>http://mysite.com:8007/cgi-bin/trac.cgi/query?status=accepted&status=assigned&
status=new&status=reopened&status=testing&
group=functionalarea&milestone=Testing&row=description</link>
</image>
<generator>Trac 0.11</generator>
<item>
<link>http://mysite.com:8007/cgi-bin/trac.cgi/ticket/27</link>
<guid isPermaLink="false">http://mysite.com:8007/cgi-bin/trac.cgi/ticket/27</guid>
Attachments (0)
Change History (17)
comment:1 by , 15 years ago
follow-up: 4 comment:2 by , 15 years ago
Yes it is set correctly but it is possible to access the site using both http (in LAN) and https (internet). Do you mean that Trac uses the protocol from the base_url in all cases assuming that the site is accessible only through the one protocol?
comment:3 by , 15 years ago
Ah, I see. I know this has come up before elsewhere and has been resolved. But I don't know much about it since all my sites are HTTPS-only, so I don't know too much more about the issue myself.
This may be one of those cases where not setting the base_url option might work, as Trac will try to reconstruct the URL using the correct protocol.
comment:4 by , 15 years ago
| Milestone: | → 0.11.6 |
|---|
Replying to Oleksiy Gorelov <Oleksiy.Gorelov@…>:
Do you mean that Trac uses the protocol from the base_url in all cases assuming that the site is accessible only through the one protocol?
This shouldn't be needed for this specific case. We should check.
comment:5 by , 15 years ago
| Keywords: | verify added |
|---|
comment:6 by , 14 years ago
In trac.web.api.Request#init it adds
self.abs_href = Href(self.base_url)
So it will always use base_url.
Perhaps extending Href to use variable protocols based on the current request protocol would do the trick?
comment:7 by , 14 years ago
| Cc: | added |
|---|
comment:8 by , 14 years ago
Or simply an req.rss_href which would be a middle ground, reconstruct the base from req as if base_url was not specified.
comment:9 by , 13 years ago
| Cc: | added |
|---|---|
| Keywords: | verify removed |
comment:10 by , 13 years ago
If the Trac serves via SSL reverse proxy, req.abs_href generates http://... (e.g. Apache reverse proxy with SSL, Apache mod_wsgi backends and connecting to the backends with http).
A solution often is adding RequestHeader X-Forwarded-Proto https to Apache reverse proxy and checking HTTP_X_FORWARDED_PROTO header in the backend.
-
trac/web/main.py
diff -r 3c44e9b70f43 trac/web/main.py
a b 400 400 environ.setdefault('trac.locale', '') 401 401 environ.setdefault('trac.base_url', 402 402 os.getenv('TRAC_BASE_URL')) 403 403 404 # If HTTP_X_FORWARDED_PROTO is set 'https', the Trac serves via SSL reverse 405 # proxy 406 if environ.get('HTTP_X_FORWARDED_PROTO') == 'https': 407 environ['wsgi.url_scheme'] = 'https' 404 408 405 409 locale.setlocale(locale.LC_ALL, environ['trac.locale']) 406 410
comment:11 by , 13 years ago
| Component: | report system → web frontend |
|---|---|
| Owner: | set to |
| Status: | new → assigned |
comment:12 by , 13 years ago
A related ticket is #6013.
I think the issue should be fixed. Any comments?
comment:13 by , 13 years ago
Wouldn't this code better fit in source:tags/trac-0.12.2/trac/web/wsgi.py@#L73?
comment:14 by , 13 years ago
I wonder that a user must append HTTPS on to the each backend server if a reverse proxy server hides backend servers. And, if the server provides both http and https, that is not good.
In the case, it should append to the configuration on the only reverse proxy server, I think.
comment:15 by , 13 years ago
Sorry, I meant using your code, but that it should rather be placed in wsgi.py rather than in main.py, so that we have all the logic related to setting up environ['wsgi.url_scheme'] in one place.
comment:16 by , 13 years ago
Your suggestion is the same as attachment:ticket:6013:x_forwarded_proto.patch. Of course, your suggestion is better than mine!
Ok, I'll apply #6013's patch later.
comment:17 by , 13 years ago
| Milestone: | next-minor-0.12.x → 0.12.3 |
|---|---|
| Resolution: | → fixed |
| Status: | assigned → closed |
Committed in [10853].
Do you have the base_url option set properly in your trac.ini file?