Defect #5460

closed

HTTP 403 seen for some updates based on description contents containing https://

Added by Dave Carpeneto about 14 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 2010-05-06
Due date:
% Done: 0%
Estimated time:
Resolution: Invalid
Affected version:

Description

I have an issue with the detail as follows:

Tied to https://answers.launchpad.net/sparkle/+question/107876

… on subsequent update / journal add I get the following error:

Processing ApplicationController#index (for 174.115.64.120 at 2010-05-06 13:07:21) [GET]
  Parameters: {"commit"=>"Submit", "notes"=>"simple update", "authenticity_token"=>"DZFgt6vQgKDp9WtCM0GXZcDqy+Rd8LJ+QYPmv1XnQxk=", "issue"=>{"start_date"=>"2010-05-05", "estimated_hours"=>"", "priority_id"=>"5", "lock_version"=>"2", "fixed_version_id"=>"", "done_ratio"=>"0", "assigned_to_id"=>"", "subject"=>"Sparkle should work for app as well as SysPrefPane", "tracker_id"=>"1", "due_date"=>"", "status_id"=>"1", "description"=>"Tied to https://answers.launchpad.net/sparkle/+question/107876"}, "attachments"=>{"1"=>{"description"=>""}}}

ActionController::RoutingError (No route matches "/403.shtml" with {:method=>:get}):

Rendering /home/carpenet/rails_apps/redmine/public/404.html (404 Not Found)

… whereas if I change the exact same ticket's description to:

Tied to answers.launchpad.net/sparkle/+question/107876

… the update works fine:

Processing IssuesController#edit (for 174.115.64.120 at 2010-05-06 13:12:51) [POST]
  Parameters: {"commit"=>"Submit", "notes"=>"simple update", "action"=>"edit", "authenticity_token"=>"DZFgt6vQgKDp9WtCM0GXZcDqy+Rd8LJ+QYPmv1XnQxk=", "id"=>"2", "issue"=>{"start_date"=>"2010-05-05", "estimated_hours"=>"", "priority_id"=>"5", "lock_version"=>"3", "fixed_version_id"=>"", "done_ratio"=>"0", "assigned_to_id"=>"", "subject"=>"Sparkle should work for app as well as SysPrefPane", "tracker_id"=>"1", "due_date"=>"", "status_id"=>"1", "description"=>"Tied to answers.launchpad.net/sparkle/+question/107876"}, "controller"=>"issues", "attachments"=>{"1"=>{"description"=>""}}}

Redirected to http://tickets.atomiccocoa.com/issues/2
Completed in 127ms (DB: 24) | 302 Found [http://tickets.atomiccocoa.com/issues/2/edit]

… note that setting log levels to debug provides absolutely no further information in the failed case (in the successful case the logging is fantastic). So I'm guessing that the 403 is thrown almost instantaneously.

Seems to be very reproducible. Running 0.9.4.

About your application's environment
Ruby version              1.8.7 (i686-linux)
RubyGems version          1.3.5
Rack version              1.0
Rails version             2.3.5
Active Record version     2.3.5
Active Resource version   2.3.5
Action Mailer version     2.3.5
Active Support version    2.3.5
Edge Rails revision       unknown
Application root          /home/carpenet/rails_apps/redmine
Environment               production
Database adapter          mysql
Database schema version   20100221100219

Actions #1

Updated by Dave Carpeneto about 14 years ago

Just noticed the following differences in the parameters passed - it's not just the 'https://' bit in description, although that's all that's different WRT the input parameters:

BAD CASE

Parameters: {
  "commit"=>"Submit", 
  "notes"=>"simple update", 
  "authenticity_token"=>"DZFgt6vQgKDp9WtCM0GXZcDqy+Rd8LJ+QYPmv1XnQxk=", 
  "issue"=>{
    "start_date"=>"2010-05-05", 
    "estimated_hours"=>"", 
    "priority_id"=>"5", 
    "lock_version"=>"2", 
    "fixed_version_id"=>"", 
    "done_ratio"=>"0", 
    "assigned_to_id"=>"", 
    "subject"=>"Sparkle should work for app as well as SysPrefPane", 
    "tracker_id"=>"1", 
    "due_date"=>"", 
    "status_id"=>"1", 
    "description"=>"Tied to https://answers.launchpad.net/sparkle/+question/107876" 
  }, 
  "attachments"=>{
    "1"=>{
      "description"=>"" 
    }
  }
}

GOOD CASE

Parameters: {
  "commit"=>"Submit", 
  "notes"=>"simple update", 
  "action"=>"edit", 
  "authenticity_token"=>"DZFgt6vQgKDp9WtCM0GXZcDqy+Rd8LJ+QYPmv1XnQxk=", 
  "id"=>"2", 
  "issue"=>{
    "start_date"=>"2010-05-05", 
    "estimated_hours"=>"", 
    "priority_id"=>"5", 
    "lock_version"=>"3", 
    "fixed_version_id"=>"", 
    "done_ratio"=>"0", 
    "assigned_to_id"=>"", 
    "subject"=>"Sparkle should work for app as well as SysPrefPane", 
    "tracker_id"=>"1", 
    "due_date"=>"", 
    "status_id"=>"1", 
    "description"=>"Tied to answers.launchpad.net/sparkle/+question/107876" 
  }, 
  "controller"=>"issues", 
  "attachments"=>{
    "1"=>{
      "description"=>"" 
    }
  }
}

... so in addition to the different issue.description the bad case is missing the following attributes completely:

  1. id
  2. action
  3. controller

... so the POST data is missing stuff. Is this maybe a JavaScript issue? I've tried this in Safari & Firefox - both exhibit the problem.

Actions #2

Updated by Go MAEDA over 7 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

The HTTP request was probably blocked by mod_security or something. Redmine does not have code to redirect to /403.shtml.
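Added example, not part of the original ticket and not Redmine code: a triage script for a Rails 2.x production log that flags entries matching the pattern in this report, i.e. a request that reaches Rails only as a lookup of an `NNN.shtml` error document, with no `controller`/`action` parameters, and lists the submitted fields whose values contain `://`. It assumes the front-end server or WAF serves its error page at a path such as `/403.shtml`; the sample log is constructed from the two entries quoted above, with parameters trimmed and a documentation IP address.

```ruby
# SAMPLE_LOG is constructed for illustration from the entries in this ticket.
SAMPLE_LOG = <<~'LOG'
  Processing ApplicationController#index (for 192.0.2.10 at 2010-05-06 13:07:21) [GET]
    Parameters: {"notes"=>"simple update", "issue"=>{"lock_version"=>"2", "description"=>"Tied to https://answers.launchpad.net/sparkle/+question/107876"}}

  ActionController::RoutingError (No route matches "/403.shtml" with {:method=>:get}):

  Processing IssuesController#edit (for 192.0.2.10 at 2010-05-06 13:12:51) [POST]
    Parameters: {"notes"=>"simple update", "action"=>"edit", "id"=>"2", "issue"=>{"lock_version"=>"3", "description"=>"Tied to answers.launchpad.net/sparkle/+question/107876"}, "controller"=>"issues"}

  Redirected to http://tickets.atomiccocoa.com/issues/2
LOG

HEADER    = /^Processing (\S+)#(\S+) \(for (\S+) at ([^)]+)\) \[(\w+)\]/
ERRDOC    = /RoutingError \(No route matches "(\/(\d{3})\.shtml)"/
URL_FIELD = /"([^"]+)"=>"[^"]*:\/\/[^"]*"/

# Split the log into one chunk per request, starting at each "Processing" header.
def request_blocks(log)
  log.split(/^(?=Processing )/).select { |block| block =~ HEADER }
end

# Return one hash per request that only reached Rails as an error-document lookup.
def upstream_blocks(log)
  request_blocks(log).map do |block|
    doc = block.match(ERRDOC) or next
    head = block.match(HEADER)
    params = block[/^\s*Parameters: (.*)$/, 1].to_s
    {
      time: head[4], client: head[3], method: head[5],
      status: doc[2].to_i, error_document: doc[1],
      # Routed requests log "controller" and "action"; without them the
      # original POST was never dispatched to a Rails controller.
      routed: params.include?('"controller"=>') && params.include?('"action"=>'),
      # Fields whose submitted value contains "://", the candidate trigger.
      url_fields: params.scan(URL_FIELD).flatten
    }
  end.compact
end

upstream_blocks(SAMPLE_LOG).each { |hit| puts hit.inspect }
```

A hit with `routed: false` points the investigation at the web server's error log and the WAF audit log for the same timestamp and client address, not at the application.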
