3020: RBTools / post-review.py ignores https prefix

f**@leibe***** (Google Code) (Is this you? Claim this profile.)
Aug. 7, 2013 
What version are you running?
0.5.1 RBTools

What's the URL of the page containing the problem?
post-review.py


Here is the output, please note the "http" - even though we're using HTTPS in the config:
######
[florian@Florians-MacBook-Pro ~/mesosphere/chaos (wip)]$ cat .reviewboardrc 
GUESS_SUMMARY = True
REVIEWBOARD_URL = "https://rb.mesosphere.com/"
OPEN_BROWSER = True
######

This is the debug from the post-review, please note how there is no mention of the "HTTPS" - it assumes something is listening on http.

>>> HTTP POSTing to http://rb.mesosphere.com/api/review-requests/: {'repository': 'git@github.com:foo/chaos.git'}
>>> Review request created
Traceback (most recent call last):
  File "/usr/local/bin/post-review", line 8, in <module>
    load_entry_point('RBTools==0.5.1', 'console_scripts', 'post-review')()
  File "/Library/Python/2.7/site-packages/RBTools-0.5.1-py2.7.egg/rbtools/postreview.py", line 1363, in main
  File "/Library/Python/2.7/site-packages/RBTools-0.5.1-py2.7.egg/rbtools/postreview.py", line 893, in tempt_fate
  File "/Library/Python/2.7/site-packages/RBTools-0.5.1-py2.7.egg/rbtools/postreview.py", line 465, in new_review_request
chipx86
#1 chipx86 
Looks like the server isn't being told it needs to give HTTPS URLs back. This is a server-side config issue, rather than client-side. It's often due to having something sitting in front of Apache that's handling the SSL.

Try adding this to the reviewboard.wsgi file:

os.environ['HTTPS'] = 'on'
#2 f**@leibe***** (Google Code) (Is this you? Claim this profile.) 
This is not true. This is clearly a client side bug. I am not evening running plain HTTP only HTTPS!
#3 f**@leibe***** (Google Code) (Is this you? Claim this profile.) 
Why would the client assume there is a HTTP server running as opposed to a HTTPS server in first place?
chipx86
#4 chipx86 
It is true, and it is not a client-side bug. We are very well aware of this behavior.

The client did not generate the URL "http://..../api/review-requests/". The server built that link and told the client to use it for the request for review requests. Beyond the first root URL, the client has no knowledge of where anything lives and does not build paths. You can verify this by going to https://rb.mesosphere.com/api/ and see the URLs it returns.

The server will build a link with https:// if it knows it's supposed to. Your server doesn't. You need to set the HTTPS environment variable to "on" to force it (as per Django's URL building logic).
david
#5 david
  • +SetupIssue