Re: Review Board Ticket #5012: requests to /api/... do not use public server name but private IP address
-- To reply, visit https://hellosplat.com/s/beanbag/tickets/5012/ -- New update by HeroicAlbeit For Beanbag, Inc. > Review Board > Ticket #5012 Reply: to get some more insight and rule out the browser I use curl to do the above failed request with correct ``. what I get is a JSON body that contains (many) wrong URLs with `http://` like so: ``` $ curl -H 'cookie: csrftoken=; rbsessionid;' 'https:///api/review-requests/3/draft/?api_format=json=html=raw=depends_on%2Ctarget_people%2Ctarget_groups' {"draft": {"branch": "", "bugs_closed": [], "changedescription": "", "changedescription_text_type": "html", "commit_id": null, "depends_on": [], "description": "", "description_text_type": "html", "extra_data": {}, "id": 3, "last_updated": "2023-11-02T07:22:25Z", "links": {"delete": {"href": "http:///api/review-requests/3/draft/", "method": "DELETE"} ... "submitter": {"href": "http:///api/users/admin/", "method": "GET", "title": "admin"} ... ``` looks like the `/api/` part is not using the configured server name? -- You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard-issues/20231102174528.23595.23908%40ip-10-1-54-209.ec2.internal.
Review Board Ticket #5012: requests to /api/... do not use public server name but private IP address
-- To reply, visit https://hellosplat.com/s/beanbag/tickets/5012/ -- New ticket #5012 by HeroicAlbeit For Beanbag, Inc. > Review Board Status: New Tags: Priority:Medium, Type:Defect -- requests to /api/... do not use public server name but private IP address == # What version are you running? 6.0 in docker image 45ada0a9f402 this is a new setup with the nginx+gunicorn setup method and a "API Gateway" on Oracle Cloud in front of the nginx port. The "API Gateway" is setup to route `https:///` to `http://:8080/`, where 8080 is the exposed nginx port. This works, as I can login. # What's the URL of the page containing the problem? `https:///r/3/` this page shows up, but the "Diff" tab is missing and I am unable to change fields of this request, such as Summary or Description. Using Debug Console of the browser reveals an error, see below. # What steps will reproduce the problem? 1. create a new review request, ie. by uploading a patch 2. browse the request 3. not the missing Diff tab 4. inspect browser debug console # What is the expected output? What do you see instead? the Diff tab would be there editing Fields such as Summary would work no errors in browser console # What operating system are you using? What browser? the instance uses Ubuntu 22.04.3 LTS on ARM processor however, Reviewboard itself runs as above mentioned Docker image, pulling the ARM sha256. # Please provide any additional information below. the error on debug console is this: ``` 3rdparty-base.min.js:1 Mixed Content: The page at 'https:///r/3/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http:///api/review-requests/3/draft/?api_format=json=html=raw=depends_on%2Ctarget_people%2Ctarget_groups'. This request has been blocked; the content must be served over HTTPS. ``` this is absolutely correct and can not work, even if the browser would not block it, since `` is not routed on the internet. also note that port 8080 is missing in ``; this tells me the API Gateway is not involved as it is setup to always send to this port. looking at the Network tab in the browser debug tool shows a Request Initiator chain looking like this: 1. `https:///r/3/` 2. `https:///static/lib/js/3rdparty-base.min.js` 3. `http:///api/review-requests/3/draft/?api_format=json=html=raw=depends_on%2Ctarget_people%2Ctarget_groups` the Request call stack for this is rather long and I can't copy-paste it. the nginx.conf setup follows the Admin Manual, with the essential part being: ``` location / { proxy_pass http://reviewboard; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl off; proxy_set_header X-Real-IP $remote_addr; client_max_body_size10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_headers_hash_max_size 512; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } ``` This handles login/logout and many other things such as configuring, while some (?) `/api/` requests dont ever reach this nginx since the browser gets told to send these using the ``. The Server name in General Settings is correctly set to `` - I guess login would not be impossible otherwise. -- -- You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard-issues/20231102142420.23594.27586%40ip-10-1-54-209.ec2.internal.