[rt-users] https bug [Resolved]

Yan Fitterer y.fitterer at ram.ac.uk
Mon Apr 29 07:30:58 EDT 2002


Hi,

Thought I'd share the resolution to my original problem (mixing http & https while 
keeping all web links and Email templates working):

The answer uses the relative URI scheme (//domain.name/path/etc), but the 
solution is to apply that to the $WebImagesURL config var. If one sets it to 
something like:  

//domain.com/NoAuth/images

then everything works, I believe. The web urls get worked out OK by the browsers, 
and that doesn't affect those included in email templates, thus solving the original 
problem without affecting anything else.

As we say in French, CQFD!

Bye
Yan

PS: CQFD = "Ce Qu'il Fallait Demontrer", or in other words, "Gotcha!"

----  On 25 Apr 2002, at 6:14, Dan Riley wrote:  ----

> Smylers <smylers at gbdirect.co.uk> writes:
> > Yesterday Dan Riley wrote:
> > > Relative URLs, including //example.com/rt, /rt and ../rt, have been in
> > > every URL/URI standard I know of since RFC 1630 (Berners-Lee, June
> > > 1994).  The only browser I know of that got any of them wrong was the
> > > original NeXTStep browser T.B-L wrote at CERN ...
> 
> I guess I should have mentioned that there have been URI/URL standards
> since that supersede RFC 1630 (I probably also should have noted that
> RFC 1630 is an "informational" RFC, not an IETF standard).
> 
> > Brief testing yesterday (by coincidence, and nothing to do with 'RT')
> > uncovered what looks like a bug in the way 'IE' and 'Mozilla' handle
> > relative URLs.  If you're currently viewing this page:
> > 
> >   http://www.example.com/Search/Listing.html
> > 
> > then by my reading of RFC 1630, a relative URL such as this:
> > 
> >   <a href="?ClearRestrictions=1">New search</a>
> > 
> > should resolve to this absolute URL:
> > 
> >   http://www.example.com/Search/?ClearRestrictions=1
> > 
> > but in 'IE' and 'Mozilla' it comes out as the following, failing to
> > disgard the bit following the final slash:
> > 
> >   http://www.example.com/Search/Listing.html?ClearRestrictions=1
> > 
> > (If my understanding of RFC 1630 is wrong and 'IE' and 'Mozilla' are
> > right, then 'Lynx' get's it wrong cos it does it t'other one.  Either
> > way round there seems to be a broken browser somewhere.)
> 
> Looks like you've found a spot where the standards haven't been
> consistent.  I agree with your reading of RFC 1630.  However, RFC 1630
> was superseded by RFC 1808 in June 1995, and 1808 clearly agrees with
> IE and Mozilla.  RFC 1808, in turn, was "updated" by RFC 2396 August
> 1998, and RFC 2396 appears to say that "?ClearRestrictions=1" isn't a
> valid relative URI--2396 has the BNF:
> 
>       relativeURI   = ( net_path | abs_path | rel_path ) [ "?" query ]
>       rel_path      = rel_segment [ abs_path ]
>       rel_segment   = 1*( unreserved | escaped |
>                           ";" | "@" | "&" | "=" | "+" | "$" | "," )
> 
> '?' doesn't appear in rel_segment, and the stuff in relativeURI before
> '?' looks like it can't be empty.  The examples in appendix C includes
> a "?..." example, which says that given
> 
>       http://a/b/c/d;p?q
> 
> it should resolve as
> 
>       ?y            =  http://a/b/c/?y
> 
> However, according to Roy Fielding (the primary author), this is an
> error.  http://www.ics.uci.edu/~fielding/url/test1.html says:
> 
> ?y         =  http://a/b/c/d;p?y          [R,X,5]*Bug in RFC examples
>               http://a/b/c/?y             [1,2,3,4]
> 
> so the 2396 example is incorrect, the answer is supposed to be
> "http://a/b/c/d;p?y", and many browsers get it wrong.  I guess this
> also means the BNF is wrong.
> 
> What a mess!
> 
> Conclusion?  IE and Mozilla are right, Lynx is wrong, as are many
> other browsers--enough that "don't do that" is probably the only
> safe answer.  I'd try to use "Listing.html?ClearRestrictions=1" or
> "./?ClearRestrictions=1", depending on the desired behavior.
> 
> -- 
> "The mere tendency of speech to encourage unlawful acts is not a
> sufficient reason for banning it. [...]  The right to think is the
> beginning of freedom, and speech must be protected from the government
> because speech is the beginning of thought."  --Anthony Kennedy
> 
> _______________________________________________
> rt-users mailing list
> rt-users at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-users


-- 
Yan Fitterer
IT Manager, Royal Academy of Music
E-mail : y.fitterer at ram.ac.uk
Marylebone Rd, London, NW1 5HT
Phone (+44) 20 7873 7365 Fax (+44) 20 7873 7364
  





More information about the rt-users mailing list