update message id link to use https..

John-Mark Gurney jmg at funkthat.com
Mon Nov 5 16:42:18 UTC 2018 

Eitan Adler wrote this message on Sat, Nov 03, 2018 at 15:23 -0700:
> On Sat, 3 Nov 2018 at 11:13, John-Mark Gurney <jmg at funkthat.com> wrote:
> >
> > I'd like to apply the following patch, so that the link at the bottom
> > of messages is by default https instead of http:
> >
> > Any objections?
> 
> LGTM

So, looks like I discovered a minor bug in our redirection part of mid.cgi.

do a:
fetch https://docs.freebsd.org/cgi/mid.cgi?20181101174032.GN81143@FreeBSD.org

and you'll get forbidden.  It turns out that we are sending a scheme relative
URL in the 302 Moved response, so apparently most web browsers handle this
correctly, BUT, if you read the RFC for HTTP/1.1, Location needs to be an
absoluteURI:
https://tools.ietf.org/html/rfc2616#section-14.30

and an absoluteURI per https://tools.ietf.org/html/rfc2396 requires a scheme..

Fetch doesn't handle this correctly, and per running w/ -vvv, you see that
it tries to fetch: https://docs.freebsd.org//docs.freebsd.org/cgi/getmsg.cgi?fetch=0+0+/usr/local/www/mailindex/archive/2018/freebsd-snapshots/20181104.freebsd-snapshots

and it goes on another redirect...

So, any objections to me adding https: to the front of the redirect?

This is fine, as we now redirect http to https for docs.freebsd.org
anyway, so we don't need to add protocol detction...

Comments?

I don't know how to test this to make sure I don't break anything.

Looks like the following patch should fix this:
Index: mid.cgi
===================================================================
--- mid.cgi	(revision 52381)
+++ mid.cgi	(working copy)
@@ -89,7 +89,7 @@
 	local($id, $file, $start) = split($", $idlist[0]);
 	$location =~ s%/[^/]+$%%;
 	local($host) = $ENV{'HTTP_HOST'};
-	$location = '//' . $host . $location;
+	$location = 'https://' . $host . $location;
 	$start =~ s/\s+$//;
 
 	print "Location: $location/getmsg.cgi?fetch=$start+0+" .

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

More information about the freebsd-doc mailing list