Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Urgent: fix redirect loops for meta.*.stackexchange.com #9110

Merged
merged 2 commits into from Mar 17, 2017
Merged
Changes from all commits
Commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.

Always

Just for now

@@ -7,7 +7,7 @@
- www.stackapps.com ==> Mismatched
- mathoverflow.com ==> No response (only a redirect to mathoverflow.net anyway)
- meta.*.stackexchange.com ==> Mismatched
- meta.*.stackexchange.com ==> Mismatched (now *.meta.stackexchange.com)
- blog.* ==> Mixed Active Content
- www.stackoverflow.blog ==> Mismatched
@@ -46,14 +46,16 @@
<test url="http://unix.stackexchange.com/" />
<test url="http://writers.stackexchange.com/" />

<!-- deeper domains cause certificate mismatch errors - there is also a downgrade rule below -->
<exclusion pattern="^http://([\w.-]+)\.([\w-]+)\.stackexchange\.com"/>
<!-- old child meta domains cause certificate mismatch errors -->
<exclusion pattern="^http://meta\.([\w-]+)\.stackexchange\.com"/>
<test url="http://meta.unix.stackexchange.com/" />
<test url="http://meta.opendata.stackexchange.com/" />
<test url="http://blog.gaming.stackexchange.com/" />
<test url="https://meta.unix.stackexchange.com/" />
<test url="https://meta.opendata.stackexchange.com/" />
<test url="https://blog.gaming.stackexchange.com/" />

<!-- gaming blog causes certificate mismatch errors -->
<exclusion pattern="^http://blog\.gaming\.stackexchange\.com"/>
<test url="http://blog.gaming.stackexchange.com/" />

<!-- but this one should not -->
<exclusion pattern="^https://qa\.sockets\.stackexchange\.com/" />
@@ -138,10 +140,10 @@
<securecookie host="^teststackoverflow\.com$" name=".+" />

<!-- Rules -->
<!-- https links from other pages to these will cause MCB for important elements, hence the downgrades -->
<rule from="^https://([\w.-]+)\.([\w-]+)\.stackexchange\.com/"
to="http://$1.$2.stackexchange.com/" downgrade="1" />

<!-- meta.* sites moved to *.meta - we can safely redirect to their new equivalents, which support https -->
<!-- details: https://meta.stackexchange.com/questions/292058/network-wide-https-its-time -->
<rule from="^https://meta\.([\w-]+)\.stackexchange\.com/" to="https://$1.meta.stackexchange.com/" />

<rule from="^http://www\.stackoverflow\.blog/" to="https://stackoverflow.blog/" />

This comment has been minimized.

Copy link
@Bisaloo

Bisaloo Mar 17, 2017

Collaborator

I think this rule can be removed. This domain is now properly handled with the trivial rewrite.

This is unrelated to the issue at hand though and it doesn't necessarily has to make it in this particular PR.

This comment has been minimized.

Copy link
@jeremyn

jeremyn Mar 17, 2017

Contributor

The redirect from meta.* to *.meta doesn't happen in HTTPS though, in fact it can't because they don't have valid certificates for meta.*. So I'm okay with rewriting it here.

This comment has been minimized.

Copy link
@Bisaloo

Bisaloo Mar 17, 2017

Collaborator

My bad, something went wrong with my comment. I was talking about the rule line 148:

<rule from="^http://www\.stackoverflow\.blog/" to="https://stackoverflow.blog/" />

This comment has been minimized.

Copy link
@jeremyn

jeremyn Mar 17, 2017

Contributor

That's not handled by the trivial rewrite, because it's sending www to ^.

This comment has been minimized.

Copy link
@Bisaloo

Bisaloo Mar 17, 2017

Collaborator

Yes, what I meant is that https://www.stackoverflow.blog is valid now. Sure, it's 301 redirected to https://stackoverflow.blog/ but according to the ruleset style guidelines, we should use the trivial rewrite in this case, shouldn't we?

This comment has been minimized.

Copy link
@jeremyn

jeremyn Mar 17, 2017

Contributor

Oh, I see what you mean. You're right, we shouldn't have this rule. However the whole ruleset needs review and we don't need to remove that in this pull request.


ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.