Doubled name in URL on redirect

Open BTrey opened this issue 8 years ago • 5 comments

I'm using the YARBAC plugin for authentication and seeing some strange behavior. I thought at first it was a YARBAC issue but it may be a bug in Dancer2 instead. I have login required. When a user requests a route, the program checks to see if they're logged in. If not, they're redirected to the login page and, after successful login, they should be redirected to the original route. What I'm seeing is that instead they're redirected to a route which has the project name doubled up. I'm running the program over Apache via fcgi, so the base URL for the site is www.mydomain.org/myproject. If the user requests www.domain.org/myproject/route1, then after login they're redirected to www.mydomain.org/myproject/myproject/route1 instead. myproject is listed in the URL twice.

I added an extra debug statement to the YARBAC _require_login. What I've found is this:

'[myproject:30092] debug @2016-02-25 05:07:04> YARBAC ========> base is https://www.mydomain.org/myproject and request is /myproject/passdown in /usr/local/share/perl/5.14.2/Dancer2/Core/Hook.pm l. 33'

So myproject is included as both the last entry in request->uri_base and the first in request->request_uri.

This leads to it being doubled up in the resulting redirect.

I'm not sure if I have something set wrong somewhere or if this is simply a bug but any help narrowing it down would be greatly appreciated.

BTrey avatar Feb 25 '16 11:02 BTrey

@BTrey Are you setting the SCRIPT_NAME header somewhere in your apache config ?

veryrusty avatar Feb 26 '16 10:02 veryrusty

I am not aware of doing so, and neither a visual check nor GREP finds that string in any of the config files.

BTrey avatar Mar 06 '16 14:03 BTrey

@BTrey, any chance you could reduce this to a repeatable test that we can verify? That would make it easy to test and fix, and to make sure it doesn't happen again.

xsawyerx avatar Mar 10 '16 10:03 xsawyerx

I think this is a simple example for the problem. The following route creates an infinite loop if the application base were '/'. (No one wants an infinite loop of course, but the DPAE modules store the original request using request_uri as the return URL on login success).

get '/test' => sub {
    my $request_uri = request->request_uri;
    redirect $request_uri;
};

If the code snippet is run with plackup, it will create the infinite loop. Running plackup bin/app.psgi and requesting http://host/test will just redirect to itself (http://host/test).

Using the --path parameter, however, will not create an infinite loop, because the path will be duplicated. Running plackup --path=/app bin/app.psgi and then requesting http://host/app/test will redirect to http://host/app/app/test

whosgonna avatar Aug 23 '17 23:08 whosgonna

I actually think the behaviour is correct as-is, at least to be consistent with Plack. request_uri returns the "raw" request from the browser, whereas path and co return the adjusted URL information and should be used instead. This has some more information: https://metacpan.org/pod/Plack::Request#DISPATCHING

I've fixed the issue in DPAE https://github.com/PerlDancer/Dancer2-Plugin-Auth-Extensible/commit/c01719fa469fc49b9690cccc20fb1b333e77c32b

abeverley avatar Dec 17 '18 21:12 abeverley
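
The difference between the raw request_uri and the mount-relative path discussed in this thread, as an added example that is not part of the original thread and is not Dancer2, YARBAC or DPAE code. It assumes Plack is installed; the PSGI environments are constructed by hand to mirror the `plackup` and `plackup --path=/app` cases above, and the two helper names are hypothetical.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Plack::Request;

# Constructed PSGI environments (not captured from a real server) for a
# request to /test: once mounted at the root, once under /app as with
# `plackup --path=/app`.
my %mounts = (
    root => { SCRIPT_NAME => '',     PATH_INFO => '/test', REQUEST_URI => '/test' },
    app  => { SCRIPT_NAME => '/app', PATH_INFO => '/test', REQUEST_URI => '/app/test' },
);

# Hypothetical helper: the pattern that doubles the prefix, because the
# base already ends in SCRIPT_NAME and REQUEST_URI starts with it again.
sub return_url_from_request_uri {
    my ($req) = @_;
    (my $base = $req->base->as_string) =~ s{/\z}{};
    return $base . $req->request_uri;
}

# Hypothetical helper: build the return URL from the mount-relative path
# (PATH_INFO), so SCRIPT_NAME appears exactly once.
sub return_url_from_path_info {
    my ($req) = @_;
    (my $base = $req->base->as_string) =~ s{/\z}{};
    return $base . $req->path_info;
}

for my $name (sort keys %mounts) {
    my $req = Plack::Request->new({
        REQUEST_METHOD    => 'GET',
        HTTP_HOST         => 'host',
        SERVER_NAME       => 'host',
        SERVER_PORT       => 80,
        QUERY_STRING      => '',
        'psgi.url_scheme' => 'http',
        %{ $mounts{$name} },
    });
    printf "%-4s script_name=%-4s path_info=%s request_uri=%s\n",
        $name, $req->script_name || "''", $req->path_info, $req->request_uri;
    printf "     base + request_uri: %s\n", return_url_from_request_uri($req);
    printf "     base + path_info:   %s\n", return_url_from_path_info($req);
}
```

At the root mount both helpers agree, which is why the problem only shows up once the application is served under a prefix.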