New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bar.js won't load if current URL 404s due to apache restrictions #407
Comments
Thanks @dg for the explanation. Can you think of a way to accommodate that as well as ensuring Tracy can still load in the scenario described above, or should I just close this because it's something we just need to live with? |
I do not understand why you can visit |
It's possible to visit both. Here is the htaccess file (https://github.com/processwire/processwire/blob/master/htaccess.txt) that contains that rule noted in the OP. I misspoke above when I said it prevents complete access to PHP, but it does prevent http://pwtest.test/blah/ loads Tracy fine (even though that page still doesn't exist. Of course thes request is making use of mod_rewrite as you can see in the htaccess I just linked to: If I remove that Does that explain it better? Thanks. |
Oh, so problem is that Apache returns 404. So solution is to add |
I think that point is, that Tracy GET is not even executed, because the Apache denied access before a rewrite rule to index.php is done. |
If Tracy appears on the url |
Tracy doesn't appear at that URL - it gives the errors I showed here: #407 (comment) Tracy does appear at: http://pwtest.test/blah (note the missing apostrophe), because the htaccess rule isn't getting invoked and isn't preventing the rewrite at the bottom of the file to Here are some interesting results - note the graphics show the request for the URL itself and then the URL with the tracy get params. http://pwtest.test/blah (no apostrophe) http://pwtest.test/bla'h (with apostrophe) So you can see that the request which includes the Do those help explain things? |
When I said that Tracy appears I meant that Tracy is enabled (and generates some HTML output). So I don't understand why is Tracy enabled on http://pwtest.test/bla'h but not on http://pwtest.test/bla'h?xxx. Maybe GET parameters aren't passed correctly to PHP. Or maybe there is something in source code that prevents Tracy to do its work. |
Sorry, I must be being dumb here, but I don't see that Tracy is generating any HTML output on http://pwtest.test/bla'h - what output are you referring to? |
Something like |
Well, I do get this when viewing http://pwtest.test/bla'h?_tracy_bar=js&v=2.7.3&XDEBUG_SESSION_STOP=1 directly: |
So try to dump $_GET parameters on this page. |
Returns an empty array |
So it is misconfiguration of Apache. Probably somewhere is RewriteRule without QSA. |
Ok, so I went looking and it turns out it's this: which prevents the query string parameters from making it to Processwire's 404 handler. Seems like it might be possible to implement a solution in ProcessWire that makes use of Sorry for the time you spent on this today - it just seemed like a weird way to load Tracy's JS file, I wanted to make sure something couldn't be done at this end. |
Version: 2.7.3
Bug Description
If you visit a URL that is blocked by apache (ie before it hits PHP), eg:
http://pwtest.test/hjk'k
when there is an Apache rule like:
preventing access to a URL with a
'
.you get the following error:
GET http://pwtest.test/bla'h/?_tracy_bar=js&v=2.7.3&XDEBUG_SESSION_STOP=1 net::ERR_ABORTED 404 (Page Not Found)
Possible Solution
I am not sure the relevance of using
<?= Helpers::escapeHtml($baseUrl) ?>
here:tracy/src/Tracy/Bar/assets/loader.phtml
Line 22 in f1d0d25
Is there a reason the full URL to the page is needed here? If the path is changed to the root of the site, eg: http://pwtest.test/?_tracy_bar=js&v=2.7.3&XDEBUG_SESSION_STOP=1 then it loads as expected, but perhaps there is a need for the full url to the current page that I am not aware of.
Thanks.
The text was updated successfully, but these errors were encountered: