Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Trinidad is serving an external page as the homepage of a Rails app #93

Closed
tamersalama opened this Issue · 4 comments

2 participants

@tamersalama

Using a vanilla configuration of trinidad with jruby-rack (no trinidad configuration file, with web.xml file excerpt below), it looks like trinidad is serving the home page of TechSpot.com!

~/my_app> trinidad

visiting http://localhost:3000 renders a page with contents from TechSpot.com

#Gemfile
group :development do
  gem 'trinidad', '1.4.3', :require => nil

  #with jruby-rack 1.1.10 locked
  ...
end
#routes.rb
MyApp::Application.routes.draw do
   root :to => "some_controller#index"
  ...
end
<!--web.xml-->
<web-app>
  <context-param>
    <param-name>public.root</param-name>
    <param-value>/</param-value>
  </context-param>
  <context-param>
    <param-name>jruby.min.runtimes</param-name>
    <param-value>1</param-value>
  </context-param>
  <context-param>
    <param-name>jruby.max.runtimes</param-name>
    <param-value>1</param-value>
  </context-param>
  <context-param>
    <param-name>jruby.compat.version</param-name>
    <param-value>1.9</param-value>
  </context-param>
  <filter>
    <filter-name>RackFilter</filter-name>
    <filter-class>org.jruby.rack.RackFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>RackFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <listener>
    <listener-class>org.jruby.rack.rails.RailsServletContextListener</listener-class>
  </listener>
....
</web-app>

Rails 3.2.8
JRuby 1.6.8 (1.9 mode)
Win XP

The system has another installation of Tomcat.

When uninstalling trinidad gem and relying on Webrick - the homepage is served properly.

@kares
Owner

hey, this soundz like a joke - seriously there's no code in Trinidad that grabs the content of http://techspot.com :) !
maybe try removing public.root param since for a Rails app you most likely got it wrong ... personally I would remove the whole web.xml since you only set defaults for a threadsafe! up which Trinidad can detect (or you can trinidad --threadsafe) unless of course due some custom Java filter of yours you really need the RackFilter (Trinidad defaults to using the RackServlet and would set it up for you). also there's no need to uninstall the gem to try things out with Webrick, besides you might want to bundle update trinidad to 1.4.4 ... hope this helps, cheers

@tamersalama

Thank you @kares for the tips.

It indeed sounds like a joke :)

The public.root is what's causing the strange behaviour. Removing the public.root (while keeping others) serves the appropriate home. Adding back the public.root forces http://techspot.com load !!

Not sure if it's a jruby-rack issue or what, but specifying a public.root is legit.

updated to 1.4.4

@tamersalama

OK - I think this is jruby-rack issue.

If the path is empty (the case with http://localhost:3000) - jruby-rack attempts to serve index.html.

Seemingly since in my web.xml the public.root is specified as / (Relative path to the location of your application's static assets. Defaults to /), jruby-rack attempts to serve the file off of my system's root (D:\index.html). I had a wget'd index.html from TechSpot.com a while back.

Now, the interesting part is that I can navigate to other static files off of my system's root. http://localhost:3000/tmp/f.log will serve files off D:/tmp/f.log !

@kares
Owner

I see, that's more likely a Trinidad issue after-all since it expands the path - it probably should not expand / as it might end up confusing users while still allowing for an absolute path. Anyway if you leave it as is (defaults to ./public which gets interpreted relatively from application root) or specify public assuming a Rails app it will work without any security side affects ...
Thanks for the report and the investigation, will be fixed in the next release.
p.s. At least TechSpot.com had an explanation :) !

@kares kares closed this issue from a commit
@kares kares do not allow public.root == '/' to be used as FS root (closes #93)
in this case public dir should expand to web app root directory
caeb5e1
@kares kares closed this in caeb5e1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.