Bug 1249496 - "Submit job" button redirects to 'http' URL when it should be 'https' URL
"Submit job" button redirects to 'http' URL when it should be 'https' URL
Product: Beaker
Classification: Community
Component: web UI (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified (vote)
: 21.1
: ---
Assigned To: Dan Callaghan
: Patch, Regression
Depends On:
  Show dependency treegraph
Reported: 2015-08-03 04:00 EDT by Jun'ichi NOMURA
Modified: 2015-10-20 23:25 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-10-20 23:25:32 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jun'ichi NOMURA 2015-08-03 04:00:37 EDT
Description of problem:
  "Submit job" button redirects to 'http' URL when it should be 'https' URL

Version-Release number of selected component (if applicable):

How reproducible:
  Always if the lab is configured to use https

Steps to Reproduce:
  1. Go to Scheduler->Reserve page from web UI
  2. Enter provisioning parameters
  3. Press "Submit job" button

Expected results:
  Redirected to 'https' URL if your lab is configured to use 'https'.

Actual results:
  Redirected to 'http' URL and get error.

Additional information:
  The same problem is observed with "Add+" button in Systems page.

  I set 'https' in tg.url_scheme of /etc/beaker/server.cfg.
  This is a regression from 0.18.
Comment 1 Dan Callaghan 2015-08-13 00:41:29 EDT
I think the problem is that we are relying on Flask to convert the Location header to absolute URLs in these cases, and it isn't aware of the TurboGears config. I expect it will use the URL scheme from wsgi.url_scheme which will be set to 'http' if mod_wsgi thinks it is serving the application over HTTP, which is what happens if you serve the application over HTTP with a reverse proxy in front doing SSL termination...
Comment 2 Dan Callaghan 2015-08-16 21:55:30 EDT
Comment 3 Dan Callaghan 2015-08-16 21:58:33 EDT
This is only reproducible if:
* the server is configured to use HTTPS (tg.url_scheme="https" in /etc/beaker/server.cfg)
* the redirect to HTTPS is not enabled (RewriteCond and RewriteRule in /etc/httpd/conf.d/beaker-server.conf not uncommented)
* the application is accessed over HTTP, or there is an SSL-terminating reverse proxy which accesses the application over HTTP

None of our environments have this configuration which is why we haven't spotted the problem before.
Comment 4 Dan Callaghan 2015-08-26 02:43:08 EDT
This bug fix is included in beaker-server-21.1-0.git.3.58733b1.el6eng, which is currently available for download here:

Comment 7 Dan Callaghan 2015-10-20 23:25:32 EDT
Beaker 21.1 has been released.

Note You need to log in before you can comment on or make changes to this bug.