Skip to content

Strip any number of trailing slashes from realm URLs #3819

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 4, 2020
Merged

Strip any number of trailing slashes from realm URLs #3819

merged 3 commits into from
May 4, 2020

Conversation

chrisbobbe
Copy link
Contributor

This does the following, to fix #3567:

Things I expect we'll want to do to clean this up:

  • Tweak fixRealmUrl so it strips any number of trailing slashes.
  • Add a migration that strips trailing slashes on realm in all existing accounts.

It also removes some "DEPRECATED" comments that don't seem to apply.

@chrisbobbe chrisbobbe requested a review from gnprice January 17, 2020 00:55
@chrisbobbe
Copy link
Contributor Author

chrisbobbe commented Jan 18, 2020
edited
Loading

I wonder if importing and using fixRealmUrl for the migration is correct, or if we should instead clone fixRealmUrl and use that, so future changes to it don’t unintentionally change the migration’s behavior.

@rk-for-zulip
Copy link
Contributor

I still think it's possible to configure a proxy server in such a way that the extra slash is needed; but if that's explicitly not a case we want to support, I'm okay with that, as long as we make a note of it somewhere. (Possibly this comment.)

hasProtocol was marked DEPRECATED in e0be99a, and fixRealmUrl was marked as DEPRECATED in 4b687d4, but neither commit explained the reason for the marking, and they're both still being used.

Mea culpa. I marked those as /** DEPRECATED */ mostly because I think we should move toward using some sort of URL-object, rather than passing around a bare string to do ad-hoc regex hacking on. I may also have done so because:

  • They both have subtle edge cases and fail to conform to the relevant specifications.
  • fixRealmUrl is a DWIM function, and is therefore closely tied to its context. It shouldn't be used anywhere but SmartUrlInput.js (and so shouldn't be in url.js at all, much less imported by anyone else).
  • Most of fixRealmUrl's functionality is duplicated in or has been moved to autocompleteRealm[Pieces] anyway. It probably isn't even needed in SmartUrlInput.js anymore.

At any rate, I certainly believe the latter two of those things now, and wouldn't be surprised by the first. 🙂

I wonder if importing and using fixRealmUrl for the migration is correct, or if we should instead clone fixRealmUrl and use that, so future changes to it don’t unintentionally change the migration’s behavior.

Neither, I think. You're on the right track with the second of those two, but fixRealmUrl does more than just strip trailing slashes. (It's supposed to be idempotent, but that's probably not safe to rely on.)

I'm pretty sure we want the migration to just strip slashes, nothing more.

@chrisbobbe
Copy link
Contributor Author

chrisbobbe commented Jan 22, 2020
edited
Loading

I still think it's possible to configure a proxy server in such a way that the extra slash is needed; but if that's explicitly not a case we want to support, I'm okay with that, as long as we make a note of it somewhere. (Possibly this comment.)

Hmm, I don't have a competent answer to this. @gnprice?

I think we should move toward using some sort of URL-object

If that's the case, maybe larger changes are needed, and this PR should be closed?

I'm pretty sure we want the migration to just strip slashes, nothing more.

Yes, that makes a lot of sense. I just updated the PR with this (and as always, feedback is welcome).

@rk-for-zulip
Copy link
Contributor

If that's the case, maybe larger changes are needed, and this PR should be closed?

Setting aside my other concerns for a moment: I think this is a perfectly fine temporary mitigation – it won't make moving to a URL-object any harder, if and when we do that.

@chrisbobbe
Copy link
Contributor Author

OK, sounds good. I've added that inline comment and made some wording/conventions improvements to the commit messages. And, here, just a gentle bump to @gnprice to take a look at Ray's question about proxy server configuration and the scope of what we'll support, above.

@gnprice
Copy link
Member

gnprice commented Feb 27, 2020

Marking as priority, following the issue.

@chrisbobbe chrisbobbe mentioned this pull request Apr 18, 2020
Open
@gnprice
Copy link
Member

gnprice commented Apr 18, 2020

(Bumping this to remind myself to come back to it next week.)

This was referenced May 1, 2020
Closed
Closed
Chris Bobbe added 3 commits May 4, 2020 14:49
@gnprice
url.js: Unmark fixRealmUrl and hasProtocol as DEPRECATED.
b3248bf 
hasProtocol was marked DEPRECATED in e0be99a, and fixRealmUrl
was marked as DEPRECATED in 4b687d4, but neither commit explained
the reason for the marking, and they're both still being used.
@gnprice
url.js: Tweak fixRealmUrl to strips any number of trailing slashes, n…
79b9d0e 
…ot just one.

Requests to /events fail when the realm URL includes trailing slash,
e.g., https://example.zulipchat.com//api/v1/events. Current code
strips a single trailing slash, but not multiple.

Add test for multiple trailing slashes.

This bug is a little puzzling because it does not seem to affect
other requests, like /register, and no server-side differences among
the cases have been identified.
@gnprice
Add migration to strip trailing slashes on realm in all existing acco…
6797cdc 
…unts.

Fixes: zulip#3567.

A trailing slash on a realm URL interferes with /events calls.

The parent commit handles multiple trailing slashes only on fresh
URL inputs. A migration is needed for users whose cached realm URLs
have multiple.

Greg points out that we will want to take input from the server on
what the canonical realm URL is, and use that.
@gnprice
Copy link
Member

gnprice commented May 4, 2020

Thanks @chrisbobbe ! Sorry this has sat for so long.

These changes LGTM. About to merge.

I still think it's possible to configure a proxy server in such a way that the extra slash is needed; but if that's explicitly not a case we want to support,

Yeah, Zulip in general doesn't support going through a proxy that involves altering the URLs. Like many complex webapps, it has a notion of "what is my base URL", and using that it expects to be able to know exactly what URL from the user perspective corresponds to a given route.

I'm not sure we've ever had someone run into trouble from this kind of attempted proxy use case; if that does come up, we'll address it in our production docs.

Note we absolutely do support reverse proxies, which are a common tool in deploying webapps. A working reverse proxy has no problem setting up appropriate URLs.

@chrisbobbe
Copy link
Contributor Author

Thanks @chrisbobbe ! Sorry this has sat for so long.

No problem! 🙂

@gnprice gnprice merged commit 6797cdc into zulip:master May 4, 2020
@gnprice gnprice mentioned this pull request May 4, 2020
Closed
@rk-for-zulip rk-for-zulip mentioned this pull request May 18, 2020
Merged
@chrisbobbe chrisbobbe deleted the issue-3567 branch November 6, 2020 03:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gnprice gnprice Awaiting requested review from gnprice

Assignees
No one assigned
Labels
P1 high-priority
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Trailing slash on realm URL can happen, and breaks /events
3 participants
@chrisbobbe @rk-for-zulip @gnprice