From owner-freebsd-doc@freebsd.org Mon Nov 5 16:42:18 2018 Return-Path: Delivered-To: freebsd-doc@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2DB151105CEB for ; Mon, 5 Nov 2018 16:42:18 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gate2.funkthat.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 21B0685FA6; Mon, 5 Nov 2018 16:42:16 +0000 (UTC) (envelope-from jmg@gold.funkthat.com) Received: from gold.funkthat.com (localhost [127.0.0.1]) by gold.funkthat.com (8.15.2/8.15.2) with ESMTPS id wA5Gg79s002287 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 5 Nov 2018 08:42:07 -0800 (PST) (envelope-from jmg@gold.funkthat.com) Received: (from jmg@localhost) by gold.funkthat.com (8.15.2/8.15.2/Submit) id wA5Gg7oo002286; Mon, 5 Nov 2018 08:42:07 -0800 (PST) (envelope-from jmg) Date: Mon, 5 Nov 2018 08:42:07 -0800 From: John-Mark Gurney To: Eitan Adler Cc: "freebsd-doc@freebsd.org" , Peter Wemm Subject: Re: update message id link to use https.. Message-ID: <20181105164207.GJ75530@funkthat.com> References: <20181103181231.GG75530@funkthat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD 11.0-RELEASE-p7 amd64 X-PGP-Fingerprint: D87A 235F FB71 1F3F 55B7 ED9B D5FF 5A51 C0AC 3D65 X-Files: The truth is out there X-URL: https://www.funkthat.com/ X-Resume: https://www.funkthat.com/~jmg/resume.html X-TipJar: bitcoin:13Qmb6AeTgQecazTWph4XasEsP7nGRbAPE X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? User-Agent: Mutt/1.6.1 (2016-04-27) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (gold.funkthat.com [127.0.0.1]); Mon, 05 Nov 2018 08:42:07 -0800 (PST) X-Rspamd-Queue-Id: 21B0685FA6 X-Spamd-Result: default: False [3.93 / 200.00]; ARC_NA(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+a]; NEURAL_SPAM_SHORT(0.41)[0.406,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[funkthat.com]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_MEDIUM(0.04)[0.044,0]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[gold.funkthat.com]; MX_MISSING(3.50)[requested record is not found]; IP_SCORE(-0.01)[country: US(-0.06)]; FORGED_SENDER(0.30)[jmg@funkthat.com,jmg@gold.funkthat.com]; R_DKIM_NA(0.00)[]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:32354, ipnet:208.87.216.0/21, country:US]; FROM_NEQ_ENVFROM(0.00)[jmg@funkthat.com,jmg@gold.funkthat.com]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Nov 2018 16:42:18 -0000 Eitan Adler wrote this message on Sat, Nov 03, 2018 at 15:23 -0700: > On Sat, 3 Nov 2018 at 11:13, John-Mark Gurney wrote: > > > > I'd like to apply the following patch, so that the link at the bottom > > of messages is by default https instead of http: > > > > Any objections? > > LGTM So, looks like I discovered a minor bug in our redirection part of mid.cgi. do a: fetch https://docs.freebsd.org/cgi/mid.cgi?20181101174032.GN81143@FreeBSD.org and you'll get forbidden. It turns out that we are sending a scheme relative URL in the 302 Moved response, so apparently most web browsers handle this correctly, BUT, if you read the RFC for HTTP/1.1, Location needs to be an absoluteURI: https://tools.ietf.org/html/rfc2616#section-14.30 and an absoluteURI per https://tools.ietf.org/html/rfc2396 requires a scheme.. Fetch doesn't handle this correctly, and per running w/ -vvv, you see that it tries to fetch: https://docs.freebsd.org//docs.freebsd.org/cgi/getmsg.cgi?fetch=0+0+/usr/local/www/mailindex/archive/2018/freebsd-snapshots/20181104.freebsd-snapshots and it goes on another redirect... So, any objections to me adding https: to the front of the redirect? This is fine, as we now redirect http to https for docs.freebsd.org anyway, so we don't need to add protocol detction... Comments? I don't know how to test this to make sure I don't break anything. Looks like the following patch should fix this: Index: mid.cgi =================================================================== --- mid.cgi (revision 52381) +++ mid.cgi (working copy) @@ -89,7 +89,7 @@ local($id, $file, $start) = split($", $idlist[0]); $location =~ s%/[^/]+$%%; local($host) = $ENV{'HTTP_HOST'}; - $location = '//' . $host . $location; + $location = 'https://' . $host . $location; $start =~ s/\s+$//; print "Location: $location/getmsg.cgi?fetch=$start+0+" . -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."