Handle HTTP redirects #754
Conversation
| @@ -78,40 +79,22 @@ httpLibCurl <- function(protocol, | |||
| con <- file(contentFile, "rb") | |||
| on.exit(if (!is.null(con)) close(con), add = TRUE) | |||
|
|
|||
| if (identical(method, "POST")) { | |||
There was a problem hiding this comment.
This is possibly overly aggressive, but the comment doesn't make sense to me as the 3xx redirects only apply to the result of the upload, not the upload itself. This is possibly a misdiagnosis of an older problem, because I don't think there should be a general difference between PUTs and POSTs. It's possible that this might have also resolved #544.
There was a problem hiding this comment.
Looks like this code existed from day one of the libcurl implementation: #348
| else | ||
| stop(e) | ||
| })) | ||
| time <- system.time( |
There was a problem hiding this comment.
I also simplified this since the user interrupt error message has changed so that had no effect and I'm pretty sure that "transfer closed" is a legit error we do want to bubble up.
There was a problem hiding this comment.
I'm pretty sure that some of this logic was trying to trap auth errors during uploads. When there's an auth failure, the client may not see the entire body as sent. This code was trying to handle that situation, but never quite handled most of the cases.
In poking around a little, we see terminated uploads for rpubs -- things that are larger than the bundle upload limit. #450 (comment) for quite a bit of discussion about it, but I never really figured out the cleanest way to handle those errors.
We wanted to try to ignore the "upload" problem and extract the real HTTP error in the response, if possible.
I don't know the best way to react to this type of error, nor if we really need to maintain the old code -- mostly, this helps inform a testing strategy.
There was a problem hiding this comment.
Ok, I'll have a go with some uploading some really large files and see if I can recreate it.
There was a problem hiding this comment.
I uploaded a 1 Gb app to shinyapps and Posit connect, and didn't see any problems. I'll follow up on the rpubs issue later since it's already individually tracked.
There was a problem hiding this comment.
Connect users generally see these errors when there is an intermediate proxy which limits the upload payload size. For example, nginx may use a restricted client_max_body_size.
https://docs.posit.co/connect/admin/proxy/#simple-configuration
Focus on the rpubs case, since I know that's reliable.
There was a problem hiding this comment.
I uploaded a 33 Mb html with no problems. You can see it in all its glory at https://rpubs.com/hadley/large-file.
There was a problem hiding this comment.
Also tested updating, since that uses a PUT instead of POST.
There was a problem hiding this comment.
Was that a large Rmd or a large bundle? Because we gzip, it's harder to get a large bundle. I ended up using a specific document when last playing with that issue, but it's likely changed since I tried.. I think I have a copy locally somewhere. #450 (comment)
There was a problem hiding this comment.
@aronatkins From the progress bar 😄 Uploaded 23796573 bytes... so ~22 Mb.
| else | ||
| stop(e) | ||
| })) | ||
| time <- system.time( |
There was a problem hiding this comment.
I'm pretty sure that some of this logic was trying to trap auth errors during uploads. When there's an auth failure, the client may not see the entire body as sent. This code was trying to handle that situation, but never quite handled most of the cases.
In poking around a little, we see terminated uploads for rpubs -- things that are larger than the bundle upload limit. #450 (comment) for quite a bit of discussion about it, but I never really figured out the cleanest way to handle those errors.
We wanted to try to ignore the "upload" problem and extract the real HTTP error in the response, if possible.
I don't know the best way to react to this type of error, nor if we really need to maintain the old code -- mostly, this helps inform a testing strategy.
| # https://www.rfc-editor.org/rfc/rfc9110.html#name-redirection-3xx | ||
| service <- parseHttpUrl(httpResponse$location) | ||
| authed_headers <- c(headers, authHeaders(authInfo, "GET", service$path)) | ||
| httpResponse <- http( |
There was a problem hiding this comment.
This redirect handling is assuming that the original request (and its payload) do not need to be re-sent. Is that the situation you're seeing?
It feels like the redirection that's set-up for colorado might demand a replay.
curl -v http://colorado.rstudio.com/rsc/__api__/server_settings
#> HTTP/1.1 301 Moved Permanently
#> Location: https://colorado.rstudio.com/rsc/__api__/server_settings
curl -v https://colorado.rstudio.com/rsc/__api__/server_settings
#> HTTP/1.1 302 Found
#> Location: http://colorado.posit.co/rsc/__api__/server_settings
The original request never landed.
Some systems support 100-continue request/response to avoid sending the payload before receiving confirmation; I'm not sure that any of these servers support that workflow.
Most resources will indicate that you should not automatically replay the request in cases like colorado - a shift from one hostname to another - without explicit confirmation.
We probably want at least:
- Be transparent about the redirect.
- Offer an option to err rather than walk through the redirect.
There was a problem hiding this comment.
To precisely follow the spec we should re-POST with body only for 307 and 308. I'm happy to do that, but I suspect it won't appreciably change behaviour because most folks won't be using those status codes.
To be clear, I don't think code is a panacea for all redirect related issues, it's just an important first step. If we really want to handle a server changing host names, I think we'll need code that detects the problem and then updates the record on disk. But I'm not sure how important that problem is and I'm not sure we need to do it proactively, or should wait on someone to file an issue.
There was a problem hiding this comment.
The colorado examples give us two motivating examples:
- HTTP => HTTPS
- Host rename
I'm not sure that there's a good answer, especially since the colorado example shows us that 301/302 are much more common than 307/308.
Thinking out loud:
- Automatic replay of all redirects requires no user intervention, which is a smooth experience.
- Server URLs are left stale, meaning every subsequent request hits the redirect penalty.
- Server names are left stale, meaning the UI / metadata will always reflect the old name.
- Account records reflect the stale server name.
If we ignore updating the server and account records for a moment, we could run a pre-flight check against the client URL to make sure it is still "correct" and update the URL in-memory. That would correct the following requests without hitting multiple redirects and would give us a single place to ask for confirmation, log, or reject the redirect.
In other words, run something like validateServerUrl before using the client to do meaningful work.
There was a problem hiding this comment.
Notes to self: need something like validateConnectServer() that we run in deployApp() before hitting any endpoints. If url has redirected, need to prompt the user to update the record on disk (if interactive), or otherwise warn or continue. Might want to consider automatically updating if the hostname stays the name.
There was a problem hiding this comment.
While making coffee this morning, I suddenly realised that we can't just update an existing server record on disk, because that will break existing deployments. We need some way to also "redirect" existing server records to a new server record. So I won't tackle that here, but consider it in a future PR.
There was a problem hiding this comment.
Yeah; the association between the server records and the accounts and deployments records came up during our chat. The pre-flight can ask if folks should proceed through the redirect, but it's not straightforward to rewrite the records.
| @@ -355,6 +391,7 @@ authHeaders <- function(authInfo, method, path, file = NULL) { | |||
| } | |||
| } | |||
|
|
|||
| # https://github.com/rstudio/connect/wiki/token-authentication#request-signing-rsconnect | |||
There was a problem hiding this comment.
fyi: this is an internal link.
| else | ||
| stop(e) | ||
| })) | ||
| time <- system.time( |
There was a problem hiding this comment.
Was that a large Rmd or a large bundle? Because we gzip, it's harder to get a large bundle. I ended up using a specific document when last playing with that issue, but it's likely changed since I tried.. I think I have a copy locally somewhere. #450 (comment)
| curl::handle_setopt( | ||
| handle, | ||
| noprogress = !progress, | ||
| upload = TRUE, |
There was a problem hiding this comment.
Have we lost post = TRUE, which uses a POST request? Is that redundant with the curl::handle_setopt(handle, customrequest = method)?
There was a problem hiding this comment.
Hmmm, good catch and good question. The post is a pretty complicated option that changes a bunch of stuff behind the scenes (e.g. adds Content-Type: application/x-www-form-urlencoded, Expect: 100-continue, headers etc). I have a vague recollection that this also changes the redirect handling (because it'll follow the spec for 307/308), but that doesn't matter here since we've suppressed that.
I'm neutral on whether to preserve it or drop it.
- In favour of dropping it: the code in this PR works and it's very clear exactly how we're modifying the request.
- In favour of keeping: I know curl applies more special
POSTlogic if it's set, and that may save us from grief down the road.
#Conflicts: # R/ide.R # tests/testthat/test-ide.R
Fixes #674
Uploading to shinyapps.io works without redirects because the result of
client$updateBundleStatus(), which needs the redirect, is not used.@aronatkins any ideas for testing? I verified that this works with an interactive deployment to shinyapps, and the
httpRequest()path is tested viavalidateConnectUrl(). But currently no automated tests hit thehttpRequestWithBody()path. Would you mind also verifying that connect/shinyapps doesn't emit any 307 or 308 redirects that I should be respecting?