Bug 1249496

Summary: "Submit job" button redirects to 'http' URL when it should be 'https' URL
Product: [Retired] Beaker Reporter: Jun'ichi NOMURA <junichi.nomura>
Component: web UIAssignee: Dan Callaghan <dcallagh>
Status: CLOSED CURRENTRELEASE QA Contact: tools-bugs <tools-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: dcallagh, dowang, mjia, rjoost
Target Milestone: 21.1Keywords: Patch, Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-21 03:25:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jun'ichi NOMURA 2015-08-03 08:00:37 UTC 
Description of problem:
  "Submit job" button redirects to 'http' URL when it should be 'https' URL

Version-Release number of selected component (if applicable):
  beaker-server-20.1-1.el6eng

How reproducible:
  Always if the lab is configured to use https

Steps to Reproduce:
  1. Go to Scheduler->Reserve page from web UI
  2. Enter provisioning parameters
  3. Press "Submit job" button

Expected results:
  Redirected to 'https' URL if your lab is configured to use 'https'.

Actual results:
  Redirected to 'http' URL and get error.

Additional information:
  The same problem is observed with "Add+" button in Systems page.

  I set 'https' in tg.url_scheme of /etc/beaker/server.cfg.
  This is a regression from 0.18.
Comment 1 Dan Callaghan 2015-08-13 04:41:29 UTC 
I think the problem is that we are relying on Flask to convert the Location header to absolute URLs in these cases, and it isn't aware of the TurboGears config. I expect it will use the URL scheme from wsgi.url_scheme which will be set to 'http' if mod_wsgi thinks it is serving the application over HTTP, which is what happens if you serve the application over HTTP with a reverse proxy in front doing SSL termination...
Comment 2 Dan Callaghan 2015-08-17 01:55:30 UTC 
http://gerrit.beaker-project.org/4348
Comment 3 Dan Callaghan 2015-08-17 01:58:33 UTC 
This is only reproducible if:
* the server is configured to use HTTPS (tg.url_scheme="https" in /etc/beaker/server.cfg)
* the redirect to HTTPS is not enabled (RewriteCond and RewriteRule in /etc/httpd/conf.d/beaker-server.conf not uncommented)
* the application is accessed over HTTP, or there is an SSL-terminating reverse proxy which accesses the application over HTTP

None of our environments have this configuration which is why we haven't spotted the problem before.
Comment 4 Dan Callaghan 2015-08-26 06:43:08 UTC 
This bug fix is included in beaker-server-21.1-0.git.3.58733b1.el6eng, which is currently available for download here:

https://beaker-project.org/nightlies/release-21/RedHatEnterpriseLinux6/
Comment 7 Dan Callaghan 2015-10-21 03:25:32 UTC 
Beaker 21.1 has been released.