Making WordPress.org

Opened 3 months ago

Closed 3 months ago

#5941 closed defect (fixed)

Trac queries redirect through HTTP instead of HTTPS

Reported by: pento
Owned by:
Milestone:
Priority: normal
Component: Trac
Keywords:
Cc:

Description

To reproduce:

  • Visit https://meta.trac.wordpress.org/query
  • Open your browser devtools
  • In the devtools Network tab, ensure your Persist Logs option is enabled.
  • Back on the query page, click Update.
  • Check the POST request to https://meta.trac.wordpress.org/query, confirm that the Location response header contains a redirect to an HTTP URL.

I've confirmed this behaviour also occurs on core.trac; I assume there's a config option somewhere to fix it.

Change History (5)

#1 @dd32
3 months ago

I think this is because Trac isn't the server handling SSL; that's nginx in front of it. The Trac.ini documentation suggests setting certain options to ensure that the proper URL is used in proxied locations, which we have set:

[project]
url = https://meta.trac.wordpress.org/

[trac]
base_url = https://meta.trac.wordpress.org/

I have also confirmed this on my own Trac test install, which also has SSL handled at a proxy layer, so this looks like an upstream bug in Trac to me.

Edit:

  • I can't duplicate it against trac.edgewall.org, but that's using Apache probably with mod_wsgi - so no proxying involved.
  • WordPress.org and my Trac install use Tracd w/ HTTP and SSL handled outside of it.

#2 follow-up: @pento
3 months ago

It looks like the use_base_url_for_redirect option may help here.


#3 in reply to: ↑ 2 @dd32
3 months ago

Replying to pento:

> It looks like the use_base_url_for_redirect option may help here.

Yep, that's it. Setting use_base_url_for_redirect = enabled fixes it on my install.

aaaand it's explicitly disabled: https://meta.trac.wordpress.org/browser/sites/trunk/trac.wordpress.org/conf/common-extended.ini?marks=52#L52

#4 @dd32
3 months ago

In 11310:

Trac: Set trac.use_base_url_for_redirect = true to ensure that Trac redirects use SSL by default.

Props pento.
See #5941.

#5 @dd32
3 months ago

  • Resolution set to fixed
  • Status changed from new to closed

That appears to have done the job.

I've checked a few Tracs, and they seem to be working correctly.

https://ios.trac.wordpress.org/query has its base_url set to HTTP://, so it's still got the redirect. https://code.trac.wordpress.org/query doesn't have base_url defined, so it also still uses http, but all the Active tracs appear to be working without that extra redirect now.
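An added example, not part of the ticket or of WordPress.org's code: a Python check that flags the three trac.ini states this thread runs into (redirect option disabled, base_url set to HTTP, base_url missing). The hostnames, finding codes and sample files are constructed; the list of true values and treating an unset option as disabled are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Spellings accepted as "on". Assumption: covers the values used in the
# thread ("enabled", "true") plus other common boolean spellings.
TRUE_VALUES = {"true", "yes", "on", "enabled", "1"}

def audit_trac_ini(text):
    """Return finding codes for one trac.ini body (inherited files are not resolved)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    base_url = cp.get("trac", "base_url", fallback="").strip()
    flag = cp.get("trac", "use_base_url_for_redirect", fallback="").strip().lower()
    findings = []
    if not base_url:
        # Nothing to build an HTTPS redirect from behind a TLS-terminating proxy.
        findings.append("BASE_URL_MISSING")
    elif urlsplit(base_url).scheme != "https":
        # urlsplit lowercases the scheme, so "HTTP://" is caught too.
        findings.append("BASE_URL_NOT_HTTPS")
    # Assumption: an unset option behaves like a disabled one.
    if flag not in TRUE_VALUES:
        findings.append("REDIRECT_IGNORES_BASE_URL")
    return findings

# Constructed samples; trac.example.org is a placeholder hostname.
FIXED = """
[trac]
base_url = https://trac.example.org/
use_base_url_for_redirect = true
"""
DISABLED = """
[trac]
base_url = https://trac.example.org/
use_base_url_for_redirect = disabled
"""
HTTP_BASE = """
[trac]
base_url = HTTP://trac.example.org/
use_base_url_for_redirect = enabled
"""
NO_BASE = """
[trac]
use_base_url_for_redirect = true
"""

if __name__ == "__main__":
    for name, ini in [("fixed", FIXED), ("disabled", DISABLED),
                      ("http_base", HTTP_BASE), ("no_base", NO_BASE)]:
        print(name, audit_trac_ini(ini) or "ok")
```

When a Trac environment inherits a shared file, pass the concatenated text with the inherited file first so the environment's own values win.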
