Last modified: 2014-04-24 17:10:52 UTC
* View https://bugzilla.wikimedia.org/attachment.cgi?id=829&action=edit * Click "View Attachment as Diff" Request url: https://bug-attachment.wikimedia.org/attachment.cgi?id=829 This makes it impossible to view diffs on https, and bugzilla is enforced to be on HTTPS.
Confirming problem. Value for attachment_base in Bugzilla is set to http://bug-attachment.wikimedia.org/ Changing it to https://bug-attachment.wikimedia.org/ won't fix this but the redirection would trigger e.g. "the page isn't displaying properly" in Firefox and still wouldn't enable "View Attachment as Diff". Looks like nothing I could fix in Bugzilla itself.
Needs to fix apache configuration to not redirect this domain. Though I can't find an entry for this redirect in the operations/apache-config.git repo.
https://gerrit.wikimedia.org/r/#/c/49200/ RT #2490
(In reply to comment #1) > Value for attachment_base in Bugzilla is set to > http://bug-attachment.wikimedia.org/ > Changing it to > https://bug-attachment.wikimedia.org/ > won't fix this but the redirection would trigger [...] Want to try that again now that the apache conf change has been deployed?
(In reply to comment #0) > * View https://bugzilla.wikimedia.org/attachment.cgi?id=829&action=edit > * Click "View Attachment as Diff" > > > Request url: > https://bug-attachment.wikimedia.org/attachment.cgi?id=829 > https://bug-attachment.wikimedia.org/attachment.cgi?id=827 The above urls still redirect to http://.
(In reply to comment #5) > The above urls still redirect to http://. I'm not sure what your point is. Comment #4 still holds.
(In reply to comment #4) > Want to try that again now that the apache conf change has been deployed? Done. Still doesn't work, same result as for http.
giving to default assignee for now and removing patch-in-gerrit keyword. maybe someone with shell on kaulen can take a crack at it or I may look again at some point.
Looking at the code, the inline documentation comments confuse me. We don't use %bugid% in the attachment_base parameter of Wikimedia Bugzilla. So attachment.cgi:293 states: elsif ($cgi->url_is_attachment_base) { # If we come here, this means that each bug has its own host for attachments which implies that attachment.cgi:264: if ($cgi->url_is_attachment_base($bug_id)) { would be executed if there is no %bugid% substring in attachment_base, right? But in Bugzilla/CGI.pm:510's url_is_attachment_base() the comment says: # If we're passed an id, we only want one specific attachment base for a particular bug. Feels contradicting, but maybe I miss something obvious. Wild guesses: There are some calls for * do_ssl_redirect_if_required() * redirect_to_urlbase() in attachment.cgi which might be the reason for our issues?
<LpSolit> andre: the code and comments are correct... <LpSolit> if ($cgi->url_is_attachment_base($bug_id)) { <LpSolit> it will check if the URL is the one for the given attachment <LpSolit> and if it's not, then we know there is something wrong <LpSolit> which is what the comment says <LpSolit> # If we come here, this means that each bug has its own host <LpSolit> # for attachments, and that we are trying to view one attachment <LpSolit> # using another bug's host. That's not desired. <LpSolit> you don't reach elsif ($cgi->url_is_attachment_base) if your are viewing attachments with the correct URL
(In reply to comment #0) > * View https://bugzilla.wikimedia.org/attachment.cgi?id=829&action=edit > * Click "View Attachment as Diff" That's not a diff (I should have realized that earlier). For https://bugzilla.wikimedia.org/attachment.cgi?id=827&action=edit or https://bugzilla.wikimedia.org/attachment.cgi?id=11975&action=edit , clicking "View Attachment as Diff" works fine. I'm closing this as INVALID.
So view attachment works, but via a redirect to http, that can't be what we want. Can we try again with https in the attachment_base? (RT #2490 for the grody details)
(In reply to Ariel T. Glenn from comment #12) > Can we try again with https in the attachment_base? (RT #2490 for the > grody details) I set attachment_base from http://bug-attachment.wikimedia.org/ to https://bug-attachment.wikimedia.org/ but going to https://bugzilla.wikimedia.org/attachment.cgi?id=829&action=edit I still get The attachment is not viewable in your browser due to security restrictions enabled by your Bugzilla administrator. In order to view the attachment, you first have to download it. Actions: View | Delete Clicking on "View" I get to https://bugzilla.wikimedia.org/attachment.cgi?id=829 which offers to open locally in a text editor. Not worse than before though, so I'll keep it as https://
Ah, damn it, I should have re-read my comment 11 first before adding comment 13. Sorry for my confusion.