[Bug 58189] New: Bugzilla adds a HTTP redirect when using saved searches
http://bugs.winehq.org/show_bug.cgi?id=58189 Bug ID: 58189 Summary: Bugzilla adds a HTTP redirect when using saved searches Product: WineHQ Bugzilla Version: unspecified Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: bugzilla-unknown Assignee: wine-bugs(a)winehq.org Reporter: imwellcushtymelike(a)gmail.com CC: austinenglish(a)gmail.com Distribution: --- Created attachment 78493 --> http://bugs.winehq.org/attachment.cgi?id=78493 Chrome security warning Using any of the lists on the left side of the Bugzilla page (Task lists / Saved Searches / etc.) adds a HTTP redirect, which Chrome loudly (but rightly) complains about. Cloudflare apparently responds with a HTTP 302 (Found) but gives a new location with HTTP instead of HTTPS. http://bugs.winehq.org/buglist.cgi?bug_status=UNCONFIRMED&bug_status=NEW&bug... Clicking "Continue" in Chrome attempts to connect with HTTP just to be redirected again with a HTTP 307 (Temporary Redirect) back to HTTP, and on it goes. It looks like the login cookie might be sent in cleartext. Somehow, I do eventually end up connecting via HTTPS, but Wireshark confirms that HTTP connections are being made, before being shut down by Chrome. My DNS logs show that Chrome does ask for the HTTPS entry in the record so *maybe* that's how it gets there... I really don't know. I imagine other areas are affected, not just the lists. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=58189 --- Comment #1 from Ken Sharp <imwellcushtymelike(a)gmail.com> --- Created attachment 78494 --> http://bugs.winehq.org/attachment.cgi?id=78494 Chrome dev console AFAIK Chrome won't give a simple text log, which would be much more useful than a screenshot. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=58189 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jnewman(a)codeweavers.com, | |julliard(a)winehq.org -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=58189 --- Comment #2 from Jeremy Newman <jnewman(a)codeweavers.com> --- This is not what I get. My Chrome console shows "Status Codes: 200 OK" not "302 Found". So I'm not sure how you are seeing what you are seeing. There are no http URLs in any of the redirects. However, if I issue a curl request to the Bugs website, I do see a 302 page. I did change the CloudFlare SSL mode. It was set to automatic, to detect the best SSL mode. But, just to see if it makes any difference I switched it to "Full (Strict)". We use an origin SSL cert between CloudFlare and our origin. This is generated by CloudFlare. All communication between CF<->Bugs.WineHQ.org should be forced to SSL mode. Behind the scenes Anubis is http between Apache and the HTTPs Proxy. It goes like this: CloudFlare HTTPS (CDN) <-> Apache HTTPS (Origin Proxy) <-> Anubis HTTP (localhost only) <-> Apache HTTP (localhost only) <-> Bugzilla Perl Website So if there is an issue, it may be something with how Anubis does things. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=58189 Ken Sharp <imwellcushtymelike(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #3 from Ken Sharp <imwellcushtymelike(a)gmail.com> --- Seems to have solved it. Chrome shows that there is still a HTTP redirect, but now it only occurs once and Chrome seems happy. Of course it could also have been a Chrome issue. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=58189 --- Comment #4 from Ken Sharp <imwellcushtymelike(a)gmail.com> --- This *appears* to have returned but I suspect it's simply being caused by a timeout, so Bug 58323. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=58189 Ken Sharp <imwellcushtymelike(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #5 from Ken Sharp <imwellcushtymelike(a)gmail.com> --- Closing -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla