Opened 6 years ago

Last modified 6 years ago

#8265 defect new

RedirectAgent uses the wrong base URL when canonicalising Location responses

Reported by: Matthew Hodgson Owned by: Matthew Hodgson
Priority: high Milestone:
Component: web Keywords:
Cc: Branch:
Author:

Description

RedirectAgent appears to use the original request's URL as the base for resolving the Location header in a response to an absolute URL, rather than the current redirect request's URL. This means that cross-host redirections with more than 1 hop break. For instance, trying to GET http://news.bbc.co.uk fails currently with an infinite redirect loop of:

> GET / HTTP/1.1
> Host: news.bbc.co.uk

< HTTP/1.1 301 Moved Permanently
< Location: http://www.bbc.co.uk/news/

> GET /news/ HTTP/1.1
> Host: www.bbc.co.uk

< HTTP/1.1 301 Moved Permanently
< Location: /news

> GET /news HTTP/1.1
> Host: news.bbc.co.uk

< HTTP/1.1 301 Moved Permanently
< Location: http://www.bbc.co.uk/news/

...with the last two requests looping forever. This is because the Location of the 2nd request is incorrectly resolved to http://news.bbc.co.uk/news (using the Host of the original request) whereas it should be http://www.bbc.co.uk/news (using the Host of the 2nd request).

The attached trivial patch fixes this by resolving the Location header using the current response's request.absoluteURI rather than the original uri that was passed into the RedirectAgent.

Attachments (1)

fix-redirect-resolve-location.patch (728 bytes) - added by Matthew Hodgson 6 years ago.
patch against current twisted trunk that fixes #8265
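
The resolution difference described in the ticket, as an added example that is not part of the original ticket or the attached patch: it replays the trace above over a constructed response table and resolves each Location with the standard library's `urljoin`, either against the original URL or against the current request's URL. The function `follow`, its parameters, and the final 200 response for http://www.bbc.co.uk/news are assumptions made for the illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed responses mirroring the ticket's trace:
# (host, path) -> (status, Location header or None).
# The 200 for www.bbc.co.uk/news is an assumption so the chain can end.
RESPONSES = {
    ("news.bbc.co.uk", "/"): (301, "http://www.bbc.co.uk/news/"),
    ("www.bbc.co.uk", "/news/"): (301, "/news"),
    ("news.bbc.co.uk", "/news"): (301, "http://www.bbc.co.uk/news/"),
    ("www.bbc.co.uk", "/news"): (200, None),
}


def follow(start_url, base_on_current_request, redirect_limit=10):
    """Follow redirects over RESPONSES.

    Returns (final status, URLs requested); the status is None when the
    redirect limit is exhausted, which is how the loop shows up here.
    """
    url, visited = start_url, []
    for _ in range(redirect_limit + 1):
        visited.append(url)
        parts = urlsplit(url)
        status, location = RESPONSES[(parts.hostname, parts.path or "/")]
        if location is None:
            return status, visited
        # Reported behaviour: relative Locations are joined to the URL first
        # handed to the agent. Corrected behaviour: they are joined to the
        # URL of the request that produced this response.
        base = url if base_on_current_request else start_url
        url = urljoin(base, location)
    return None, visited


if __name__ == "__main__":
    for label, flag in (("original URL as base", False),
                        ("current request URL as base", True)):
        status, visited = follow("http://news.bbc.co.uk", flag)
        print(label, "->", status, "after", len(visited), "requests")
        print("  third request:", visited[2])
```

A redirect limit bounds the loop but does not fix it: with the wrong base, the relative `/news` is still sent to a host that never issued that redirect.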


Change History (3)

Changed 6 years ago by Matthew Hodgson

patch against current twisted trunk that fixes #8265

comment:1 Changed 6 years ago by Matthew Hodgson

Keywords: review added

comment:2 Changed 6 years ago by Adi Roiban

Keywords: review removed
Owner: set to Matthew Hodgson

Many thanks for your contribution.

Please consider adding an automated test for this use case so that in the future we can prevent a regression on this.

Also, please add a news file fragment (aka release notes) to your patch so that this fix will be advertised in the release notes of the next release.

More details at https://twistedmatrix.com/trac/wiki/ReviewProcess#Newsfiles

Many thanks again!
