| Issue 875: | Change URL redirect not working on Safari, Opera | |
| 12 people starred this issue and may be notified of changes. | Back to list |
Affected Version: 2.1.6.1 Click on a URL in an email from Gerrit (http://review.typo3.org/1039) If using Firefox or Chrome you end up at the detail screen for said change (https://review.typo3.org/#change,1039) For Safari and Opera you end up in your dashboard instead (https://review.typo3.org/#mine).
Nov 13, 2011
#1
Lucas.Je...@gmail.com
Nov 13, 2011
What kind of authentication is configured for the Gerrit server? Is it still working with Firefox and Chrome if you have no Gerrit session (e.g. delete the cookies in the browser and then click on the URL in the email)?
Nov 13, 2011
As for the authentication I can't really say, because I'm not the server's administrator. The specific installation I'm talking about is http://review.typo3.org It still works in Firefox if I clear my entire browser settings including cookies etc.
Nov 13, 2011
Hi Edwin, we use HTTP auth at TYPO3. I just tested it with Eclipse's Gerrit and there it works, indeed. Do you have a clue, why this doesn't work for us? Thanks Steffen
Nov 13, 2011
Hi Steffen,
we recently had a similar problem with our Gerrit installation and we were able to solve it. Not sure if in your case it's the same reason.
We had configured container based authentication (SAML2) for all URLs ('/*'). When a user clicked on a URL, e.g. 'https://<host>:<port>/#settings' and the user was not authenticated, then the anchor ('#settings') was lost from the URL after the authentication was done. Without anchor the user was then redirected to the default page '#mine'. The reason for the problem is that with this setup the anchor is not even sent to the server (details are explained in [1]). Since the Gerrit web UI didn't have a chance to read the anchor from the URL before the redirect for the authentication happened the anchor was lost.
We solved the problem by changing the security constraints so that there is no authentication required for root ('/'), but everything else ('/*') requires authentication. With this configuration Gerrit can read the anchor from the URL. After that Gerrit redirects to a URL different from '/' (I think '/login') and the authentication is triggered by the container. The anchor is preserved in Gerrit and becomes part of the redirection URL.
Edwin
[1] http://www.mikeduncan.com/named-anchors-are-not-sent/
Nov 15, 2011
Hi Edwin, thanks for you feedback. It sounds very reasonable. When opening https://review.typo3.org/1234, a Location header refering to http://review.typo3.org/#q,1234,n,z is sent (so back to plaintext HTTP). Then we have a redirect back to HTTPS and this seems to be the point, where user agents differ. While Chrome keeps the anchor, Opera drops it. We have an external authentication provider for /login/ configured int the Apache in front of Gerrit, thus I hope that it's not like in your case, but instead somehow related the HTTP(S) back and forth. I guess we should change the listenUrl to proxy-https://review.typo3.org? (see https://review.typo3.org/Documentation/config-gerrit.html#_a_id_httpd_a_section_httpd) and thus let Gerrit not redirect to HTTP? Should that work? Thanks Steffen
Nov 21, 2011
We now changed to proxy-https:// and it works now. Thanks for giving us the pointer! Issue can be closed.
Nov 22, 2011
(No comment was entered for this change.)
Status:
Invalid
|
|
| ► Sign in to add a comment |