Bad header with HTTPFound() method #212
Comments
|
On Fri, 2011-06-17 at 23:08 -0700, pppierre wrote:
Without getting into details, I suspect the problem that is exposed here
|
|
Great! Thanks. |
|
I am testing Pyramid 1.1. I note the bug about HTTPFound() page length has not been fixed. |
|
I don't know how to repeat this issue. The below script is an application, which, when visited on "/" uses HTTPFound to redirect to '/foo'. It has the WDGValidator middleware in its pipeline. When I run it, it redirects without telling me anything is particularly wrong with the intermediate redirect page. Can you help me change it to replicate the issue? from pyramid.view import view_config
from pyramid.config import Configurator
from pyramid.response import Response
from pyramid.httpexceptions import HTTPFound
from paste.httpserver import serve
from paste.debug.wdg_validate import WDGValidateMiddleware
@view_config(route_name='redirect')
def test_page(request):
return HTTPFound('/foo')
@view_config(route_name='foo')
def foo_page(request):
return Response('<!DOCTYPE html><html><head></head><body>foo</body></html>')
if __name__ == '__main__':
config = Configurator()
config.add_route('redirect', '/')
config.add_route('foo', '/foo')
config.scan('__main__')
app = config.make_wsgi_app()
app = WDGValidateMiddleware(app)
serve(app) |
|
Ran into this tonight when working with Velruse's Twitter redirect. It is specific to Mac (Lion - 10.7.2), Chrome (15.0.874.121), Chrome Canary (17.0.948.0 canary), Safari (5.1.1 (7534.51.22)) and Opera (11.52) are affected, Firefox 9.0 Beta and Firefox 8.0 work. The sample code above does not trigger it, and, Velruse's Facebook redirect which is functionally equivalent doesn't have a problem. Both bound methods appear to be identical. Moving the fb_url to the Twitter code still breaks, moving the Twitter url to the Facebook Code allows it to work. I believe this issue is still a problem internal to webob as even passing return HTTPFound(location='http://www.google.com/') breaks. Something in Velruse or Paste (since Velruse is a composite app) is sending something through to the WSGI exception handler that is causing an issue. This is the header sent: HTTP/1.1 302 Found I need to check the RFC, but, I believe Content-Length is wrong. |
|
This appears to be related to WebOb. On Chrome/Chrome Canary/Safari/Opera, a snippet of the response looks like: 00000520 31 4d 54 67 32 4d 54 68 6c 4f 54 45 31 59 6d 4d |1MTg2MThlOTE1YmM| On Firefox 8/Firefox 9 beta, the same snippet looks like: 00000400 4d 77 4f 47 46 69 5a 57 59 77 4d 57 4d 34 4e 32 |MwOGFiZWYwMWM4N2| some of the high order characters in the first response appear to be triggering it, particularly the 90 ca c6 bb prior to endpoint which should be \r\n. |
|
In Velruse, providers/twitter.py r = requests.get(REQUEST_URL, headers=oauth_request.to_header()) appears to munge the existing request. Wrapping the request with: Allows it to work. I suspect this isn't an issue with Pyramid/WebOb that I am running into, but, a leak in requests that is modifying request. |
|
It appears to be related to HTTP 401 Authorization on the url being requested which appears to do something to the connection pool. |
|
Now it gets odd: Merely printing request makes it work. Without that line, the connection is closed. |
|
OK, well, if that's the case, we should continue discussion on it in the velruse issue tracker (as its not really related to Pyramid, but only to Velruse and its use of "requests"): bbangert/velruse#30 |
|
I misread the code above when I entered the last comment; "request" is still a webob request. Closing the issue above; this is still the appropriate place I guess. |
|
Removed the print statement to further debug: With: pyramid.includes = pyramid_tm or [filter:tm] [pipeline:psflh] [composite:main] Either configuration, when tm is called I get the reset and corrupted request object. Removing tm (on either my small test site) or the site I was developing allows the page to function as it should. in development.ini |
|
Scratch that, worked for 15 or so requests after clearing cache each time, issue recurs somewhat randomly, though, less frequent. |
|
Further debugging: blaflamme tested URL with Mac OS/X Lion + Webkit browser, page worked as expected Executing through proxy server works. Executing same script through mod_wsgi works. Modifying the exception handlers to print a message over 540 bytes (to avoid smart error messages) did not allow Webkit to work. Removing egg:WebError#evalerror from the pipeline (which is the only change to the .ini to make it run under mod_wsgi) makes no difference. Webkit string of payload: 0Hvw Firefox response for same request: 0Hvw
Only occurs when using paster serve --reload development.ini - using uwsgi or mod_wsgi appear to work consistently (less than 15 tests on uwsgi, over 50 tests on mod_wsgi) This currently happens consistently for me on a Python 2.6 environment with Velruse and the /velruse/twitter/login url. In a Python 2.7 environment with Velruse, the /velruse/twitter/login works, however, if the link is embedded in a page or form submission button, the redirect created by Velruse won't work. It consistently happens on a view created by Deform that has a form action that 404s both on 2.6 and 2.7. Does not occur in any scenario if a proxy server is used. Happens on multiple machines on my network and I do believe it is the same issue experienced by the original poster since the response packet does appear to be missing Content-length on webkit browsers, but, only because the response is munged. Does not happen with installations on same OS served on the local net, so, I'm assuming this is probably a Paster or Webob induced problem triggered through Pyramid. I doubt Pyramid is creating the problem, merely the catalyst. I believe the issue deals with the way Webkit handles form submissions by sending an RST to ensure the keepalive session is still active. Paster appears to corrupt the request rather than properly restarting. I think this might be insulated by some firewalls which will (improperly) drop the RST without EST set. |
|
Replacing paste.http with cherrypy (as per mcdonc's suggestion in IRC works). Requires PasteScript>=1.7.5 |
|
I'm closing this issue, as I think it has lost all focus on one actual problem. If anyone still has bugs, please re-report them in a different place. |
Hi,
I use the last version of Pyramid and I validate my pages with WDG. Here is an extract of my development.ini file:
[pipeline:main]
pipeline =
egg:WebError#evalerror
egg:Paste#wdg_validate
TestAgent
Now, when I use a HTTPFound() method, wdg_validate crashes. The reason seems simple: HTTPFound() no longer sets page length (Content-Length) in the header.
I think it's very easy to fix.
Patrick PIERRE
The text was updated successfully, but these errors were encountered: