Dancer2
Dancer2 copied to clipboard
Doubled name in URL on redirect
I'm using the YARBAC plugin for authentication and seeing some strange behavior. I thought at first it was a YARBAC issue but it may be a bug in Dancer2 instead. I have login required. When a user requests a route, the program checks to see if they're logged in. If not, they're redirected to the login page and, after successful login, they should be redirected to the original route. What I'm seeing is that instead they're redirected to a route which has the project name doubled up. I'm running the program over Apache via fcgi, so the base URL for the site is www.mydomain.org/myproject. If the user requests www.domain.org/myproject/route1, then after login they're redirected to www.mydomain.org/myproject/myproject/route1 instead. myproject is listed in the URL twice.
I added an extra debug statement to the YARBAC _require_login What I've found is this:
'[myproject:30092] debug @2016-02-25 05:07:04> YARBAC ========> base is https://www.mydomain.org/myproject and request is /myproject/passdown in /usr/local/share/perl/5.14.2/Dancer2/Core/Hook.pm l. 33'
So myproject is included as both the last entry in request->uri_basel and the first in request->request_uri.
This leads to it being doubled up in the resulting redirect.
I'm not sure if I have something set wrong somewhere or if this is simply a bug but any help narrowing it down would be greatly appreciated.
@BTrey Are you setting the SCRIPT_NAME
header somewhere in your apache config ?
I am not aware of doing so and I neither a visual check nor GREP finds that string in any of he config files.
@BTrey, Any chance you could reduce this to a repeatable test that we verify this? That would make it easy to test and fix, and to make sure it doesn't happen again.
I think this is a simple example for the problem. The following route creates an infinate loop if the application base were '/
'. (No one wants an infinate loop of course, but the DPAE modules store the original request using request_uri as the return url on login success).
get '/test' => sub {
my $request_uri = request->request_uri;
redirect $request_uri;
};
If the code snippet is run with plackup will create the infinate loop. Running plackup bin/app.psgi
and requesting http://host/test
will just redirect to itself (http://host/test
).
Using the --path
parameter however will not create an infinate loop, because the path will be duplicated. Running plackup --path=/app bin/app.psgi
and then requesting http://host/app/test
will redirect to http://host/app/app/test
I actually think the behaviour is correct as-is, at least to be consistent with Plack. request_uri
returns the "raw" request from the browser, whereas path
and co return the adjusted URL information and should be used instead. This has some more information: https://metacpan.org/pod/Plack::Request#DISPATCHING
I've fixed the issue in DPAE https://github.com/PerlDancer/Dancer2-Plugin-Auth-Extensible/commit/c01719fa469fc49b9690cccc20fb1b333e77c32b