Bug#429272: More info

2007-06-18 Thread Sam Morris 
Ah, so at least now I know where the additional request/response ended
up! There is still something puzzling going on, however.

If we look at the web.http.redirect function, we can see that it starts:

if url.startswith("/"):
newloc = web.ctx.homepath + url
else:
newloc = url

I can't really see how this is reconciled with RFC2616's requirement
that the value of the Location header be an absolute URI (including a
scheme and a host, etc). I checked the docs at
 and saw that web.ctx.homepath is not
documented, so I am not certain what it is supposed to be set to. But
even if web.ctx.homepath is supposed to be a full absolute URI, if the
redirection target does not start with a slash then an absolute URI
won't be generated.

Anyway, it seems that with SCGI, web.ctx.homepath is only set to an
empty string, which I assume is not correct! :)

While debugging this, I created a URL handler that prints out the
contents of web.ctx and compared its output between running the
application with CGI and with SCGI. The differences are as follows:

CGI:
 web.ctx.home = 'http://blah.com/cgi-bin/foo'
 web.ctx.homepath = '/cgi-bin/occs'

SCGI:
 web.ctx.home = 'http://blah.com'
 web.ctx.homepath = ''

So, it seems to be that the 'redirect' function would be more correct if
it did this:

if url.startswith ('/'):
newloc = urllib.urljoin (web.ctx.home, url)
else:
newloc = urllib.urljoin (web.ctx.home + os.path.dirname 
(web.ctx.path), url)

What do you think?

-- 
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078


signature.asc
Description: This is a digitally signed message part

Bug#429272: Fwd: [webpy] Re: Fwd: Bug#429272: More info

2007-06-18 Thread Kai Hendry 

-- Forwarded message --
From: Anand <[EMAIL PROTECTED]>
Date: Jun 18, 2007 5:01 PM
Subject: [webpy] Re: Fwd: Bug#429272: More info
To: [EMAIL PROTECTED]




A bug is already filed for this.

https://bugs.launchpad.net/webpy/+bug/118236


On 18-Jun-07, at 9:16 PM, Kai Hendry wrote:


Hi guys,

Sam sounds like he has had a bit of trouble with redirects with
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429272

How do you like his suggestion?

Kind regards,

-- Forwarded message --
From: Sam Morris <[EMAIL PROTECTED]>
Date: Jun 18, 2007 4:36 PM
Subject: Re: Bug#429272: More info
To: [EMAIL PROTECTED]
Cc: Allan Saddi <[EMAIL PROTECTED]>, Kai Hendry <[EMAIL PROTECTED]>


Ah, so at least now I know where the additional request/response ended
up! There is still something puzzling going on, however.

If we look at the web.http.redirect function, we can see that it
starts:

if url.startswith("/"):
newloc = web.ctx.homepath + url
else:
newloc = url

I can't really see how this is reconciled with RFC2616's requirement
that the value of the Location header be an absolute URI (including a
scheme and a host, etc). I checked the docs at
<http://webpy.infogami.com/docs> and saw that web.ctx.homepath is not
documented, so I am not certain what it is supposed to be set to. But
even if web.ctx.homepath is supposed to be a full absolute URI, if the
redirection target does not start with a slash then an absolute URI
won't be generated.

Anyway, it seems that with SCGI, web.ctx.homepath is only set to an
empty string, which I assume is not correct! :)

While debugging this, I created a URL handler that prints out the
contents of web.ctx and compared its output between running the
application with CGI and with SCGI. The differences are as follows:

CGI:
 web.ctx.home = 'http://blah.com/cgi-bin/foo'
 web.ctx.homepath = '/cgi-bin/occs'

SCGI:
 web.ctx.home = 'http://blah.com'
 web.ctx.homepath = ''

So, it seems to be that the 'redirect' function would be more
correct if
it did this:

if url.startswith ('/'):
newloc = urllib.urljoin (web.ctx.home, url)
else:
newloc = urllib.urljoin (web.ctx.home + os.path.dirname
(web.ctx.path), url)

What do you think?

--
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078

>
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBGdqaNshl/216gEHgRAviiAJ0QDkQN/4l3HCHrat59ciqKHsfDaACgyLDr
HeZBzYXvhJvSGdvSqGTWMqU=
=7t2h
-END PGP SIGNATURE-



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups "web.py" group.
To post to this group, send email to [EMAIL PROTECTED]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/webpy?hl=en
-~--~~~~--~~--~--~---


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#429272: Fwd: Bug#429272: More info

2007-06-17 Thread Kai Hendry 

Forwarding Allan's insight...

-- Forwarded message --
From: Allan Saddi <[EMAIL PROTECTED]>
Date: Jun 17, 2007 4:53 PM
Subject: Re: Bug#429272: More info
To: [EMAIL PROTECTED]


Hi Kai,

I'm not aware of it, but it looks like the problem's been solved by
Sam Morris in his Sun, 17 Jun 2007 09:14:12 +0100 message. It seems
to be an issue with Webpy 0.21.

But I don't think it's really a bug, just a "feature" of Apache
HTTPD. Non-absolute redirects are treated as internal redirects -
hence the client never sees an actual 3xx response. I remember this
because there was some recent discussion about it in the Python Web-
SIG mailing list (the thread titled "Internal redirect using Location
with absolute path and status of 200.")

- Allan

On Jun 17, 2007, at 4:00 AM, Kai Hendry wrote:


Hi Allan,

Are you aware of this bug?
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429272

Kind regards,

-- Forwarded message --
From: Sam Morris <[EMAIL PROTECTED]>
Date: Jun 17, 2007 9:14 AM
Subject: Bug#429272: More info
To: [EMAIL PROTECTED]


I dumped the conversation between scgitest.py and mod_scgi when webpy
0.20 was installed. I think I've found the cause of the bug:

   --- scgi-dump-bug   2007-06-16 18:39:20.0 +0100
   +++ scgi-dump-ok2007-06-16 18:39:31.0 +0100
   -T 127.0.0.1:40232 -> 127.0.0.1:44979 [AP]
   +T 127.0.0.1:40232 -> 127.0.0.1:54787 [AP]
  53 74 61 74 75 73 3a 2033 30 32 20 46 6f 75 6e
Status: 302 Foun
  64 0d 0a 43 6f 6e 74 656e 74 2d 54 79 70 65 3a
d..Content-Type:
  20 74 65 78 74 2f 68 746d 6c 0d 0a 4c 6f 63 61
text/html..Loca
   -  74 69 6f 6e 3a 20 2f 6f6b 0d 0a 43 6f 6e 74 65tion:
/ok..Conte
   -  6e 74 2d 4c 65 6e 67 7468 3a 20 30 0d 0a 0d 0a
nt-Length: 0
   -##
   -T 127.0.0.1:44980 -> 127.0.0.1:40232 [AP]
   -  39 38 39 3a 43 4f 4e 5445 4e 54 5f 4c 45 4e 47
989:CONTENT_LENG
   +  74 69 6f 6e 3a 20 68 7474 70 3a 2f 2f tion:
http://XXX
   +  XX

   +   2f 6f 6b 0d 0a 43
XX/ok..C
   +  6f 6e 74 65 6e 74 2d 4c65 6e 67 74 68 3a 20 30
ontent-Length: 0
   +  0d 0a 0d 0a   
   +
   +T 127.0.0.1:54788 -> 127.0.0.1:40232 [AP]
   +  38 35 30 3a 43 4f 4e 5445 4e 54 5f 4c 45 4e 47
850:CONTENT_LENG
  54 48 00 30 00 53 43 4749 00 31 00 53 45 52 56
TH.0.SCGI.1.SERV
  45 52 5f 53 4f 46 54 5741 52 45 00 41 70 61 63
ER_SOFTWARE.Apac
  68 65 2f 32 2e 32 00 5345 52 56 45 52 5f 50 52
he/2.2.SERVER_PR

Webpy 0.20 gives an absolute URL as the value of the Location header
whereas 0.21 only gives a relative URL, which is not allowed by the
http
spec <http://www.w3.org/Protocols/rfc2616/rfc2616-
sec14.html#sec14.30>.

--
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078



smime.p7s
Description: S/MIME cryptographic signature

Bug#429272: More info

2007-06-17 Thread Sam Morris 
I dumped the conversation between scgitest.py and mod_scgi when webpy
0.20 was installed. I think I've found the cause of the bug:

--- scgi-dump-bug   2007-06-16 18:39:20.0 +0100
+++ scgi-dump-ok2007-06-16 18:39:31.0 +0100
-T 127.0.0.1:40232 -> 127.0.0.1:44979 [AP]
+T 127.0.0.1:40232 -> 127.0.0.1:54787 [AP]
   53 74 61 74 75 73 3a 2033 30 32 20 46 6f 75 6eStatus: 302 
Foun
   64 0d 0a 43 6f 6e 74 656e 74 2d 54 79 70 65 3a
d..Content-Type:
   20 74 65 78 74 2f 68 746d 6c 0d 0a 4c 6f 63 61 
text/html..Loca
-  74 69 6f 6e 3a 20 2f 6f6b 0d 0a 43 6f 6e 74 65tion: 
/ok..Conte
-  6e 74 2d 4c 65 6e 67 7468 3a 20 30 0d 0a 0d 0ant-Length: 
0
-##
-T 127.0.0.1:44980 -> 127.0.0.1:40232 [AP]
-  39 38 39 3a 43 4f 4e 5445 4e 54 5f 4c 45 4e 47
989:CONTENT_LENG
+  74 69 6f 6e 3a 20 68 7474 70 3a 2f 2f tion: 
http://XXX
+  XX

+   2f 6f 6b 0d 0a 43
XX/ok..C
+  6f 6e 74 65 6e 74 2d 4c65 6e 67 74 68 3a 20 30ontent-Length: 0
+  0d 0a 0d 0a      
 
+
+T 127.0.0.1:54788 -> 127.0.0.1:40232 [AP]
+  38 35 30 3a 43 4f 4e 5445 4e 54 5f 4c 45 4e 47
850:CONTENT_LENG
   54 48 00 30 00 53 43 4749 00 31 00 53 45 52 56
TH.0.SCGI.1.SERV
   45 52 5f 53 4f 46 54 5741 52 45 00 41 70 61 63
ER_SOFTWARE.Apac
   68 65 2f 32 2e 32 00 5345 52 56 45 52 5f 50 52
he/2.2.SERVER_PR

Webpy 0.20 gives an absolute URL as the value of the Location header
whereas 0.21 only gives a relative URL, which is not allowed by the http
spec .

-- 
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078


signature.asc
Description: This is a digitally signed message part