Edgewall Software

Opened 14 years ago

Closed 11 years ago

Last modified 7 years ago

#8131 closed defect (fixed)

Protocol http is hard coded in rss feeds.

Reported by: Oleksiy Gorelov <Oleksiy.Gorelov@…> Owned by: Jun Omae
Priority: normal Milestone: 0.12.3
Component: web frontend Version: 0.11
Severity: normal Keywords: rss http timeline
Cc: carsten.klein@…, Thijs Triemstra Branch:
Release Notes:
API Changes:
Internal Changes:


When downloading a rss feed from reports page , all links inside the rss always begin with http. But if the Trac site is served via https, then generated links are wrong.

Trac:	0.11
Python:	2.5.2 (r252:60911, Apr 21 2008, 11:12:42) 
          [GCC 4.2.3 (Ubuntu 4.2.3-2ubuntu7)]
setuptools:	0.6c9
SQLite:	3.5.9
pysqlite:	2.4.1
Genshi:	0.6dev-r999
Pygments:	1.0
Subversion:	1.5.1 (r32289)
jQuery:	1.2.3

It looks like:

<?xml version="1.0"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">

    <title>Trac: Ticket Query</title>
    <description>Issues Tracking Portal</description>
    <generator>Trac 0.11</generator>
        <guid isPermaLink="false">http://mysite.com:8007/cgi-bin/trac.cgi/ticket/27</guid>

Attachments (0)

Change History (17)

comment:1 by ebray, 14 years ago

Do you have the base_url option set properly in your trac.ini file?

comment:2 by Oleksiy Gorelov <Oleksiy.Gorelov@…>, 14 years ago

Yes it is set correctly but it is possible to access the site using both http (in LAN) and https (internet). Do you mean that Trac uses the protocol from the base_url in all cases assuming that the site is accessible only through the one protocol?

comment:3 by ebray, 14 years ago

Ah, I see. I know this has come up before elsewhere and has been resolved. But I don't know much about it since all my sites are HTTPS-only, so I don't know too much more about the issue myself.

This may be one of those cases where not setting the base_url option might work, as Trac will try to reconstruct the URL using the correct protocol.

in reply to:  2 comment:4 by Christian Boos, 14 years ago

Milestone: 0.11.6

Replying to Oleksiy Gorelov <Oleksiy.Gorelov@…>:

Do you mean that Trac uses the protocol from the base_url in all cases assuming that the site is accessible only through the one protocol?

This shouldn't be needed for this specific case. We should check.

comment:5 by Christian Boos, 14 years ago

Keywords: verify added

comment:6 by Carsten Klein <carsten.klein@…>, 13 years ago

In trac.web.api.Request#init it adds

self.abs_href = Href(self.base_url)

So it will always use base_url.

Perhaps extending Href to use variable protocols based on the current request protocol would do the trick?

comment:7 by Carsten Klein <carsten.klein@…>, 13 years ago

Cc: carsten.klein@… added

comment:8 by Christian Boos, 12 years ago

Or simply an req.rss_href which would be a middle ground, reconstruct the base from req as if base_url was not specified.

comment:9 by Thijs Triemstra, 12 years ago

Cc: Thijs Triemstra added
Keywords: verify removed

comment:10 by Jun Omae, 11 years ago

If the Trac serves via SSL reverse proxy, req.abs_href generates http://... (e.g. Apache reverse proxy with SSL, Apache mod_wsgi backends and connecting to the backends with http).

A solution often is adding RequestHeader X-Forwarded-Proto https to Apache reverse proxy and checking HTTP_X_FORWARDED_PROTO header in the backend.

  • trac/web/main.py

    diff -r 3c44e9b70f43 trac/web/main.py
    a b  
    400400    environ.setdefault('trac.locale', '')
    401401    environ.setdefault('trac.base_url',
    402402                       os.getenv('TRAC_BASE_URL'))
     404    # If HTTP_X_FORWARDED_PROTO is set 'https', the Trac serves via SSL reverse
     405    # proxy
     406    if environ.get('HTTP_X_FORWARDED_PROTO') == 'https':
     407        environ['wsgi.url_scheme'] = 'https'
    405409    locale.setlocale(locale.LC_ALL, environ['trac.locale'])

comment:11 by Jun Omae, 11 years ago

Component: report systemweb frontend
Owner: set to Jun Omae
Status: newassigned

comment:12 by Jun Omae, 11 years ago

A related ticket is #6013.

I think the issue should be fixed. Any comments?

comment:13 by Christian Boos, 11 years ago

Wouldn't this code better fit in source:tags/trac-0.12.2/trac/web/wsgi.py@#L73?

comment:14 by Jun Omae, 11 years ago

I wonder that a user must append HTTPS on to the each backend server if a reverse proxy server hides backend servers. And, if the server provides both http and https, that is not good.

In the case, it should append to the configuration on the only reverse proxy server, I think.

comment:15 by Christian Boos, 11 years ago

Sorry, I meant using your code, but that it should rather be placed in wsgi.py rather than in main.py, so that we have all the logic related to setting up environ['wsgi.url_scheme'] in one place.

comment:16 by Jun Omae, 11 years ago

Your suggestion is the same as attachment:ticket:6013:x_forwarded_proto.patch. Of course, your suggestion is better than mine!

Ok, I'll apply #6013's patch later.

comment:17 by Jun Omae, 11 years ago

Milestone: next-minor-0.12.x0.12.3
Resolution: fixed
Status: assignedclosed

Committed in [10853].

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Jun Omae.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jun Omae to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.