[Rt-devel] lib/RT/Interface/Web.pm::Redirect() broken...?

Matthew Sullivan matthew at sorbs.net
Tue Dec 12 22:59:02 EST 2006 

v 3.6.1 (3.6.1_1 FreeBSD Ports)

Something caught me by surprise...  locally I have RT available by SSL 
and non SSL - I discourage the use of non-SSL, but don't stop it....

For debugging purposes only I added a couple of warnings to 
lib/RT/Interface/Web.pm::Redirect() the function and results are below...


sub Redirect {
    my $redir_to = shift; 
    untie $HTML::Mason::Commands::session;
    my $uri = URI->new($redir_to);
    my $server_uri = URI->new($RT::WebURL);
   
    warn("redir_to=$redir_to, WebURL=$RT::WebURL, uri->host=" . 
$uri->host . ", server_uri->host=" . $server_uri->host . ", uri->port=" 
. $uri->port . ", server_uri->port=" . $server_uri->port);
    # If the user is coming in via a non-canonical
    # hostname, don't redirect them to the canonical host,
    # it will just upset them (and invalidate their credentials)
    if ($uri->host  eq $server_uri->host &&
        $uri->port eq $server_uri->port) {
            $uri->host($ENV{'HTTP_HOST'});
            $uri->port($ENV{'SERVER_PORT'});
        }
       
    warn("Redirecting to:" . $uri->canonical);
    $HTML::Mason::Commands::m->redirect($uri->canonical);
    $HTML::Mason::Commands::m->abort;
}

Logged:

[Wed Dec 13 03:30:54 2006] [warning]: 
redir_to=https://rt-dev.sorbs.net:443/Ticket/Display.html?id=136504, 
WebURL=https://rt-dev.sorbs.net:443/, uri->host=rt-dev.sorbs.net, 
server_uri->host=rt-dev.sorbs.net, uri->port=443, server_uri->port=443 
at /usr/local/rt3/lib/RT/Interface/Web.pm line 190. 
(/usr/local/rt3/lib/RT/Interface/Web.pm:190)
[Wed Dec 13 03:30:54 2006] [warning]: Redirecting 
to:https://rt-dev.sorbs.net:80/Ticket/Display.html?id=136504 at 
/usr/local/rt3/lib/RT/Interface/Web.pm line 200. 
(/usr/local/rt3/lib/RT/Interface/Web.pm:200)

... I guess the question is why if the server_uri and uri are the same 
are we setting  uri to the envelope settings? ... I'm guessing that it's 
so you redirect back to the server regardless of the config setting.... 
but if you're doing that why not pickup the scheme...?

My fix until someone comes up with something better is:

sub Redirect {
    my $redir_to = shift; 
    untie $HTML::Mason::Commands::session;
    my $uri = URI->new($redir_to);
    my $server_uri = URI->new($RT::WebURL);
  
    # If the user is coming in via a non-canonical
    # hostname, don't redirect them to the canonical host,
    # it will just upset them (and invalidate their credentials)
    if ($uri->host  eq $server_uri->host &&
        $uri->port eq $server_uri->port) {
            $uri->host($ENV{'HTTP_HOST'});
            $uri->port($ENV{'SERVER_PORT'});
            $uri->scheme((exists $ENV{'SCRIPT_URI'} && 
$ENV{'SCRIPT_URI'} =~ /^https:/) ? "https" : "http");
        }
       
    $HTML::Mason::Commands::m->redirect($uri->canonical);
    $HTML::Mason::Commands::m->abort;
}


Regards,

Mat

More information about the Rt-devel mailing list