Making WordPress.org

Opened 3 years ago

Closed 3 years ago

#5941 closed defect (bug) (fixed)

Trac queries redirect through HTTP instead of HTTPS

Reported by: pento Owned by:
Milestone: Priority: normal
Component: Trac Keywords:
Cc:

Description

To reproduce:

  • Visit https://meta.trac.wordpress.org/query
  • Open your browser devtools
  • In the devtools Network tab, ensure your Persist Logs option is enabled.
  • Back on the query page, click Update.
  • Check the POST request to https://meta.trac.wordpress.org/query, confirm that the Location response header contains a redirect to an HTTP URL.

I've confirmed this behaviour also occurs on core.trac, I assume there's a config option somewhere to fix it.

Change History (5)

#1 @dd32
3 years ago

I think this is because Trac isn't the server handling SSL, that's nginx in front of it. The Trac.ini documentation suggests setting certain options to ensure that in proxied locations the proper URL is used.. which we have set..

[project]
url = https://meta.trac.wordpress.org/

[trac]
base_url = https://meta.trac.wordpress.org/

I have also confirmed this on my own Trac test install, which also has SSL handled at a proxy layer.. so this looks like an upstream bug in Trac to me.

Edit:

  • I can't duplicate it against trac.edgewall.org, but that's using Apache probably with mod_wsgi - so no proxying involved.
  • WordPress.org and my Trac install use Tracd w/ HTTP and SSL handled outside of it.

#2 follow-up: @pento
3 years ago

It looks like the use_base_url_for_redirect option (https://trac.edgewall.org/wiki/TracIni#trac-use_base_url_for_redirect-option) may help here.


#3 in reply to: ↑ 2 @dd32
3 years ago

Replying to pento:

It looks like the use_base_url_for_redirect option may help here.

Yep, that's it. Setting use_base_url_for_redirect = enabled fixes it on my install.

aaaand it's explicitly disabled: https://meta.trac.wordpress.org/browser/sites/trunk/trac.wordpress.org/conf/common-extended.ini?marks=52#L52

#4 @dd32
3 years ago

In 11310:

Trac: Set trac.use_base_url_for_redirect = true to ensure that Trac redirects use SSL by default.

Props pento.
See #5941.

#5 @dd32
3 years ago

  • Resolution set to fixed
  • Status changed from new to closed

That appears to have done the job.

I've checked a few Tracs, and they seem to be working correctly.

https://ios.trac.wordpress.org/query has its base_url set to HTTP://, so it's still got the redirect, https://code.trac.wordpress.org/query doesn't have base_url defined, so it also still uses http, but all the Active tracs appear to be working without that extra redirect now.
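
The three leftover cases in this ticket (flag disabled in a shared ini, base_url set to HTTP, base_url missing) can be caught with a small configuration audit. This is an added example, not part of the ticket thread or the WordPress.org tooling; the function name, the sample configs and the example.org host are constructed, and the layers are assumed to be passed from the shared ini to the site-specific one so later values override earlier ones.

```python
import configparser
from urllib.parse import urlsplit

# "true" and "enabled" both appear in this ticket; the other spellings are
# assumed to be accepted by Trac's boolean parsing as well.
TRUE_VALUES = {"true", "enabled", "yes", "on", "1"}


def audit_trac_ini(*layers):
    """Audit trac.ini text layers (shared file first, site file last).

    Returns a list of findings; an empty list means redirects should be
    built from an https base_url.
    """
    # Option values may contain '%', so interpolation is switched off.
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    for text in layers:
        cfg.read_string(text)  # later layers override earlier ones

    findings = []
    base_url = cfg.get("trac", "base_url", fallback="").strip()
    if not base_url:
        findings.append("base_url is not set")
    elif urlsplit(base_url).scheme != "https":  # urlsplit lowercases the scheme
        findings.append("base_url is not https: " + base_url)

    # A missing option is treated here as not enabled.
    flag = cfg.get("trac", "use_base_url_for_redirect", fallback="")
    if flag.strip().lower() not in TRUE_VALUES:
        findings.append("use_base_url_for_redirect is not enabled")
    return findings


# Constructed sample layers mirroring the situations described in the ticket.
COMMON_OLD = "[trac]\nuse_base_url_for_redirect = disabled\n"
COMMON_FIXED = "[trac]\nuse_base_url_for_redirect = true\n"
SITE_HTTPS = "[trac]\nbase_url = https://trac.example.org/\n"
SITE_HTTP = "[trac]\nbase_url = HTTP://trac.example.org/\n"
SITE_NO_BASE = "[project]\nurl = https://trac.example.org/\n"

if __name__ == "__main__":
    cases = {
        "before fix": (COMMON_OLD, SITE_HTTPS),
        "after fix": (COMMON_FIXED, SITE_HTTPS),
        "http base_url": (COMMON_FIXED, SITE_HTTP),
        "no base_url": (COMMON_FIXED, SITE_NO_BASE),
    }
    for name, layers in cases.items():
        print(name, "->", audit_trac_ini(*layers) or "OK")
```
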
