Re: Review Board Ticket #5012: requests to /api/... do not use public server name but private IP address
--
To reply, visit https://hellosplat.com/s/beanbag/tickets/5012/
--
New update by HeroicAlbeit
For Beanbag, Inc. > Review Board > Ticket #5012
Reply:
to get some more insight and rule out the browser I use curl to do the
above failed request with correct ``.
what I get is a JSON body that contains (many) wrong URLs with
`http://` like so:
```
$ curl -H 'cookie: csrftoken=; rbsessionid;'
'https:///api/review-requests/3/draft/?api_format=json=html=raw=depends_on%2Ctarget_people%2Ctarget_groups'
{"draft": {"branch": "", "bugs_closed": [], "changedescription": "",
"changedescription_text_type": "html", "commit_id": null, "depends_on": [],
"description": "", "description_text_type": "html", "extra_data": {}, "id": 3,
"last_updated": "2023-11-02T07:22:25Z", "links": {"delete": {"href":
"http:///api/review-requests/3/draft/", "method":
"DELETE"} ... "submitter": {"href": "http:///api/users/admin/", "method": "GET", "title": "admin"} ...
```
looks like the `/api/` part is not using the configured server name?
--
You received this message because you are subscribed to the Google Groups
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to reviewboard-issues+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/reviewboard-issues/20231102174528.23595.23908%40ip-10-1-54-209.ec2.internal.
Review Board Ticket #5012: requests to /api/... do not use public server name but private IP address
--
To reply, visit https://hellosplat.com/s/beanbag/tickets/5012/
--
New ticket #5012 by HeroicAlbeit
For Beanbag, Inc. > Review Board
Status: New
Tags: Priority:Medium, Type:Defect
--
requests to /api/... do not use public server name but private IP address
==
# What version are you running?
6.0
in docker image 45ada0a9f402
this is a new setup with the nginx+gunicorn setup method and a "API Gateway" on
Oracle Cloud in front of the nginx port.
The "API Gateway" is setup to route `https:///`
to `http://:8080/`, where 8080 is the exposed
nginx port. This works, as I can login.
# What's the URL of the page containing the problem?
`https:///r/3/`
this page shows up, but the "Diff" tab is missing and I am unable to change
fields of this request, such as Summary or Description.
Using Debug Console of the browser reveals an error, see below.
# What steps will reproduce the problem?
1. create a new review request, ie. by uploading a patch
2. browse the request
3. not the missing Diff tab
4. inspect browser debug console
# What is the expected output? What do you see instead?
the Diff tab would be there
editing Fields such as Summary would work
no errors in browser console
# What operating system are you using? What browser?
the instance uses Ubuntu 22.04.3 LTS on ARM processor
however, Reviewboard itself runs as above mentioned Docker image, pulling the
ARM sha256.
# Please provide any additional information below.
the error on debug console is this:
```
3rdparty-base.min.js:1 Mixed Content: The page at 'https:///r/3/' was loaded over HTTPS, but requested an insecure XMLHttpRequest
endpoint 'http:///api/review-requests/3/draft/?api_format=json=html=raw=depends_on%2Ctarget_people%2Ctarget_groups'.
This request has been blocked; the content must be served over HTTPS.
```
this is absolutely correct and can not work, even if the browser would not
block it, since `` is not routed on the internet.
also note that port 8080 is missing in ``; this tells me
the API Gateway is not involved as it is setup to always send to this port.
looking at the Network tab in the browser debug tool shows a Request Initiator
chain looking like this:
1. `https:///r/3/`
2. `https:///static/lib/js/3rdparty-base.min.js`
3. `http:///api/review-requests/3/draft/?api_format=json=html=raw=depends_on%2Ctarget_people%2Ctarget_groups`
the Request call stack for this is rather long and I can't copy-paste it.
the nginx.conf setup follows the Admin Manual, with the essential part being:
```
location / {
proxy_pass http://reviewboard;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl off;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_headers_hash_max_size 512;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
```
This handles login/logout and many other things such as configuring, while some
(?) `/api/` requests dont ever reach this nginx since the browser gets told to
send these using the ``.
The Server name in General Settings is correctly set to ``
- I guess login would not be impossible otherwise.
--
--
You received this message because you are subscribed to the Google Groups
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to reviewboard-issues+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/reviewboard-issues/20231102142420.23594.27586%40ip-10-1-54-209.ec2.internal.
