Skip to content

HTTPS -> HTTP redirect in URLs missing a trailing slash #6229

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
davidfischer opened this issue Oct 1, 2019 · 4 comments
Closed

HTTPS -> HTTP redirect in URLs missing a trailing slash #6229

davidfischer opened this issue Oct 1, 2019 · 4 comments
Labels
Bug A bug

Comments

@davidfischer
Copy link
Contributor

davidfischer commented Oct 1, 2019
edited
Loading

Under some circumstances, we are redirecting docs from HTTPS -> HTTP. We basically never want to do this.

$ curl -IL https://flask.palletsprojects.com/en/1.1.x/api
HTTP/2 301
...
location: http://flask.palletsprojects.com/en/1.1.x/api/
...

This is most visible with dirhtml builds where a trailing slash is often omitted and curling https://flask.palletsprojects.com/en/1.1.x/api/ directly is fine. This affects subdomain docs too (*.readthedocs.io) but in a different manner (HTTPS -> HTTP -> HTTPS again):

$ curl -IL https://flask.readthedocs.io/en/1.1.x/api
HTTP/1.1 301 Moved Permanently
...
Location: http://flask.readthedocs.io/en/1.1.x/api/
...

HTTP/1.1 301 Moved Permanently
...
Location: https://flask.readthedocs.io/en/1.1.x/api/
...

It affects non-dirhtml docs as well although it isn't as visible because the issue is hit pretty infrequently because most requests end with .html:

$ curl -IL https://docs.readthedocs.io/en/stable/config-file
HTTP/1.1 301 Moved Permanently
...
Location: http://docs.readthedocs.io/en/stable/config-file/

My current best guess is that this is due to the nginx try_files directive using the first listener which is port 80. For subdomain docs, we have a blanket HTTP -> HTTPS redirect so this problem is masked although not really resolved. We can't do a blanket redirect for all custom domains because many people have not correctly setup their custom domain such that RTD can issue a certificate. (see #4641)

This also affects the redirects in place for $lang/$version:

$ curl -IL https://docs.readthedocs.io/en/stable
HTTP/1.1 301 Moved Permanently
...
Location: http://docs.readthedocs.io/en/stable/
...
@davidfischer davidfischer changed the title Fix HTTPS -> HTTP redirect in URLs missing a trailing slash HTTPS -> HTTP redirect in URLs missing a trailing slash Oct 1, 2019
@davidfischer davidfischer added the Bug A bug label Oct 1, 2019
@davidfischer
Copy link
Contributor Author

Based on my reading, I think the fix may be to turn absolute_redirect off; in nginx. It looks like nginx issues redirects under some circumstances and it uses the same $scheme as the request. Since SSL is terminated at the load balancer, the $scheme is http rather than https.

@Patil2099
Copy link

@davidfischer Can I work on this issue?

@stsewd
Copy link
Member

stsewd commented Oct 2, 2019

@Patil2099 this requires access to our ops repo, that repo is private.

@davidfischer
Copy link
Contributor Author

We rolled the fix out to this this week (absolute_redirect off) and it seems to be working without issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug A bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@davidfischer @stsewd @Patil2099