Opened 7 years ago

Closed 6 years ago

Last modified 6 years ago

#9199 closed (fixed)

Common middleware PREPEND_WWW broken

Reported by: gonz Owned by: nobody
Component: Core (Other) Version: master
Severity: Keywords:
Cc: gonz Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


I think theres a bug in CommonMiddleware's PREPEND_WWW and it's not working as expected.

I think the bug was introduced after [8456], it will prepend 'www.' only if request.path_info doesn't have a trailing slash. I have reproduced this running under the dev web server and apache. Patch attached.

Attachments (3)

patch.diff (501 bytes) - added by gonz 7 years ago.
patch2.diff (2.9 KB) - added by gonz 6 years ago.
patch2_tests_added.diff (4.4 KB) - added by gonz 6 years ago.
Added tests to patch2.diff

Download all attachments as: .zip

Change History (11)

Changed 7 years ago by gonz

comment:1 Changed 7 years ago by romke

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

works for me

comment:2 Changed 7 years ago by SmileyChris

  • Needs tests set
  • Triage Stage changed from Unreviewed to Accepted

Patch looks good - it does look like that was a bad change in r8456

This would be a good ticket to add tests for PREPEND_WWW.

comment:3 Changed 6 years ago by mtredinnick

  • Needs tests unset
  • Patch needs improvement set

No, this patch is bad. The problem report looks valid enough, but it doesn't seem to be caused by this line (or, if it is, it needs to be fixed differently). Any calls to Django's URL resolver must use request.path_info and new_url[1] is the same as request.path, which will include the SCRIPT_NAME prefix. Django's URL resolver doesn't care (and shouldn't know) about the script name prefix -- it won't work if you pass in something with such a script name. That's exactly why r8456 was introduced (as discussed in the ticket the changeset refers to; all the history is available).

This stuff is almost impossible to test in the automated test suite as a practical matter, since it requires control over domain names and installation paths, so I'm not too worried about manual testing for this stuff. But the patch still has to be correct.

comment:4 Changed 6 years ago by SmileyChris

Oops, I brushed over the details and put my foot in it. Malcolm's right that this isn't the correct fix - but the issue is definitely around this line.

The whole logic being used here is a bit messed up. That resolve depends on needing a slash to be entered - it could just be a www change which is needed.

comment:5 Changed 6 years ago by gonz

  • Cc gonz added
  • Needs tests set
  • Patch needs improvement unset

Thank you Malcom, now the problem it's much clear.

I think we should just move the last resolve. Chris is right and It only makes sense to try that resolve if we are adding a trailing slash. I'm attaching a new patch.

Changed 6 years ago by gonz

Changed 6 years ago by gonz

Added tests to patch2.diff

comment:6 Changed 6 years ago by gonz

  • Needs tests unset

Added some simple test cases.

comment:7 Changed 6 years ago by mtredinnick

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in r9184.

comment:8 Changed 6 years ago by mtredinnick

(In [9185]) [1.0.X] Fixed #9199 -- We were erroneously only prepending "www" to the domain
if we also needed to append a slash (when PREPEND_WWW=True).

Based on a patch and tests from gonz. Thanks.

Backport of r9184 from trunk.

Note: See TracTickets for help on using tickets.
Back to Top