Fix redirects on /ring page by using relative targets. (#1896)

pstibrany · gouthamve · commit d8a96466f635 · 2019-12-11T14:12:18.000+01:00
* Fix redirects on /ring page by using relative targets.

Signed-off-by: Peter Štibraný &lt;peter.stibrany@grafana.com&gt;

* CHANGELOG.md

Signed-off-by: Peter Štibraný &lt;peter.stibrany@grafana.com&gt;

* CHANGELOG.md, correct order.

Signed-off-by: Peter Štibraný &lt;peter.stibrany@grafana.com&gt;

* Fix typo

Signed-off-by: Peter Štibraný &lt;peter.stibrany@grafana.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@
   * `ruler.rule-path` has been added to specify where the prometheus rule manager will sync rule files
   * `ruler.storage.type` has beem added to specify the rule store backend type, currently only the configdb.
   * `ruler.poll-interval` has been added to specify the interval in which to poll new rule groups.
+* [CHANGE] Use relative links from /ring page to make it work when used behind reverse proxy. #1896
 * [FEATURE] The distributor can now drop labels from samples (similar to the removal of the replica label for HA ingestion) per user via the `distributor.drop-label` flag. #1726
 * [BUGFIX] Fixed unnecessary CAS operations done by the HA tracker when the jitter is enabled. #1861
 
diff --git a/pkg/ring/http.go b/pkg/ring/http.go
@@ -59,9 +59,9 @@ const tpl = `
 			</table>
 			<br>
 			{{ if .ShowTokens }}
-			<input type="button" value="Hide Ingester Tokens" onclick="window.location.href = '/ring'" />
+			<input type="button" value="Hide Ingester Tokens" onclick="window.location.href = '?tokens=false' " />
 			{{ else }}
-			<input type="button" value="Show Ingester Tokens" onclick="window.location.href = '/ring?tokens=true'" />
+			<input type="button" value="Show Ingester Tokens" onclick="window.location.href = '?tokens=true'" />
 			{{ end }}
 			<pre>{{ .Ring }}</pre>
 		</form>
@@ -98,7 +98,13 @@ func (r *Ring) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 
 		// Implement PRG pattern to prevent double-POST and work with CSRF middleware.
 		// https://en.wikipedia.org/wiki/Post/Redirect/Get
-		http.Redirect(w, req, req.RequestURI, http.StatusFound)
+
+		// http.Redirect() would convert our relative URL to absolute, which is not what we want.
+		// Browser knows how to do that, and it also knows real URL. Furthermore it will also preserve tokens parameter.
+		// Note that relative Location URLs are explicitly allowed by specification, so we're not doing anything wrong here.
+		w.Header().Set("Location", "#")
+		w.WriteHeader(http.StatusFound)
+
 		return
 	}
 
