302 Redirects should be sent as relative URLs #2081

Open
faceless2 opened this issue Nov 26, 2024 · 4 comments

@faceless2

Describe the bug
Proxying Gollum behind an HTTPS server would be a lot easier if, whenever a 302 Redirect is sent, it was sent as a relative URL.

For example, on a new setup, if I visit "http://wiki.local:4567/" I get the following:

HTTP/1.1 302 Found
Location: http://wiki.local:4567/Home

The host+port are always specified and the scheme for the Location header is always "http". This is a problem if I have a web proxy in front of Gollum wrapping the connection in HTTPS: I have to rewrite the headers.

The Location header does not have to use an absolute path - if Gollum sent Location: /Home that's equally valid, and requires no special processing if I have a proxy in front of it.

Tested with gollum 6.0.0

@bartkamphorst
Member

Sounds reasonable to me! Would you like to attempt a PR to change the Response headers?

@faceless2
Author

If I could, I would :-) I don't speak Ruby, and it looks like the URL is being given to the webserver API as a relative URL, so I assume it's being converted to an absolute URL within that API. This behaviour seems odd to me, hopefully it can be overridden.

@bartkamphorst
Member

Okay, so I don't think I'm seeing the same behavior in development. Here are the logs for hitting root with an empty git repository:

127.0.0.1 - - [02/Dec/2024:07:40:22 CET] "GET / HTTP/1.1" 302 0
- -> /
127.0.0.1 - - [02/Dec/2024:07:40:22 CET] "GET /Home HTTP/1.1" 302 0
- -> /Home
127.0.0.1 - - [02/Dec/2024:07:40:22 CET] "GET /gollum/create/Home HTTP/1.1" 200 28925
- -> /gollum/create/Home

What's the setup you're using? Webserver etc.?

@faceless2
Author

faceless2 commented Dec 2, 2024

Really simple:

$ git clone https://github.com/gollum/gollum
$ cd gollum
$ mkdir wiki
$ cd wiki
$ git init
$ cd ..
$ bin/gollum wiki
[2024-12-02 08:57:35] INFO  WEBrick 1.9.0   
[2024-12-02 08:57:35] INFO  ruby 3.0.2 (2021-07-07) [x86_64-linux-gnu]
== Sinatra (v4.1.1) has taken the stage on 4567 for production with backup from WEBrick
[2024-12-02 08:57:35] INFO  WEBrick::HTTPServer#start: pid=962310 port=4567
127.0.0.1 - - [02/Dec/2024:08:57:58 GMT] "GET /wiki HTTP/1.1" 302 0
- -> /wiki

In another shell:

$ curl -D- http://localhost:4567/wiki
HTTP/1.1 302 Found
Location: http://localhost:4567/gollum/create/wiki
Content-Type: text/html;charset=utf-8
Content-Length: 0
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Server: WEBrick/1.9.0 (Ruby/3.0.2/2021-07-07)
Date: Mon, 02 Dec 2024 08:57:58 GMT
Connection: Keep-Alive

You can see the Location header I'm receiving is not the one Gollum thinks it's sending.

Incidentally, as you're looking in this area, there are also a whole lot of other headers it would be useful to have control over - if I wanted to remove X-Frame-Options for example, or change other headers. This would make it easier to do things like put gollum in a Frame. It's tangential to this issue, but while you're looking...
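
Added example, not part of the thread and not Gollum's own code: a Rack middleware that turns an absolute `Location` header into a path-only one when it points at the host the client requested, which is the behaviour the issue asks for. The class name `RelativeRedirects` is hypothetical, and the sketch assumes the wiki is served as a Rack application (the log above shows Sinatra on WEBrick).

```ruby
require 'uri'

# Hypothetical middleware name; an assumption, not a Gollum or Sinatra class.
class RelativeRedirects
  REDIRECT_CODES = [301, 302, 303, 307, 308].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    if REDIRECT_CODES.include?(status.to_i)
      # Header name casing differs between Rack versions, so match loosely.
      key = headers.keys.find { |k| k.to_s.casecmp?('location') }
      headers[key] = relativize(headers[key], env) if key
    end
    [status, headers, body]
  end

  # Return a path-only form of +location+ when it targets the host the
  # client asked for; any other value (off-site, already relative,
  # unparseable) is returned unchanged.
  def relativize(location, env)
    uri = URI.parse(location.to_s)
    return location unless uri.is_a?(URI::HTTP) && uri.host
    return location unless same_authority?(uri, env)

    # Collapse leading slashes: a Location of "//host/x" would be read by
    # the browser as a scheme-relative URL pointing at a different host.
    path = uri.path.to_s.sub(%r{\A/*}, '/')
    path += "?#{uri.query}" if uri.query
    path += "##{uri.fragment}" if uri.fragment
    path
  rescue URI::InvalidURIError
    location
  end

  # Compare host and port of the redirect target with the request's Host.
  def same_authority?(uri, env)
    host = env['HTTP_HOST'] || "#{env['SERVER_NAME']}:#{env['SERVER_PORT']}"
    requested = URI.parse("#{env['rack.url_scheme'] || 'http'}://#{host}")
    uri.host.casecmp?(requested.host.to_s) && uri.port == requested.port
  rescue URI::InvalidURIError
    false
  end
end
```

Redirects to other hosts pass through untouched, so the middleware only removes the scheme, host and port that a TLS-terminating proxy would otherwise have to rewrite.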
