Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Proxy attempts to normalize encoded slash by issuing http 301 redirect #175
Describe the bug
I believe the main reason is that SSO proxy attempts to normalize request path, initially RabbitMQ issues request to:
Then proxy issues a HTTP 301 redirect to
This clearly does not happen when connecting to management UI via port forward.
Actually, after looking into the SSO repo a bit more, I couldn't find anything that would be contributing to this behavior.
After more investigation, this is happening from the Go's standard libraries
See a full example here: https://play.golang.org/p/H2Br99jNcwT
And see a more explicit example shows this is coming from the way the Go standard library parses the request, the mux cleans the URL path, and the way the redirect handler parses and re-cleans the url.
Condensed Example: https://play.golang.org/p/Lo5Xh88mZbR
To "fix", we'd have to drop support for Go's standard
This might be a potential path in the future, but for now, this seems to be working as intended. I'd suggest opening an issue against golang itself to see if you can update the standard library logic, or against rabbitmq to change these problematic URLs.
@jphines do you have ideas how we could workaround this for time being? Maybe some configuration change would disable that routine for certain paths? We are okay to disable authorization for certain paths as RabbitMQ is password protected by itself.
RabbitMQ development team is known in terms of their "maintenance" and they won't ever consider doing this change. Going trough Go would be a really hard path including we don't have Go developers able to contribute this PR and this project would need to update to the latest Go version even if it gets through.