Navigating using the select menu in the Chapter Index redirects from insecure site to secure

Description

Steps to reproduce

  1. Go to insecure staging: http://test.archiveofourown.org

  2. Log out to ensure you're accessing works in chapter-by-chapter mode

  3. Find and access a multi-chapter work, and double check that you are still on the insecure site

  4. Open the Chapter Index, choose a chapter using the select menu, and press "Go"

What happens

You are taken to the chapter, but on https://test.archiveofourown.org – the secure site. This is a problem if you're on an older device and can't access the secure site.

What should happen

You should stay on the insecure site.

Activity

Sarken
April 30, 2020, 10:59 PM
Edited

Oh, good catch, red! My brain utterly failed to notice the missing insecure subdomain in the second http URL.

To answer the remaining questions, though: handling of subdomains and cnames would be Systems' area, and while we do have a lot of 302 redirects courtesy of redirect_to, not all of them bounce you from insecure to secure. There’s a list of some that do in the linked issues, though.

teyla
April 30, 2020, 11:11 PM

Yeah, the missing subdomain in the location header of the first response made me suspect that it might be a problem with subdomain handling, where the subdomain never even ends up in Rails. But if it doesn’t happen everywhere, that can’t be the issue.

redsummernight
May 2, 2020, 11:12 PM

Thanks to and james_, we have a fix for this issue using nginx's proxy_redirect. The fix can be tested on http://insecure-test.archiveofourown.org.

Looks good!
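
Added example, not part of the thread and not the project's nginx configuration: a regression check for the behaviour discussed above, where a 302 from the application carries a Location on the secure host and the proxy rewrites it. The hostnames come from this issue; the paths, the sample responses and the function names are constructed for illustration, and `rewrite_location` only models the prefix form of `proxy_redirect`.

```python
from urllib.parse import urljoin, urlsplit

# Hostnames are taken from the thread; paths and responses are constructed.
INSECURE = "http://insecure-test.archiveofourown.org"
SECURE = "https://test.archiveofourown.org"

def origin(url):
    """Return (scheme, host[:port]) in lower case for an absolute URL."""
    parts = urlsplit(url)
    return parts.scheme.lower(), parts.netloc.lower()

def rewrite_location(location, upstream_prefix, client_prefix):
    """Prefix rewrite of a Location header, modelled on the non-regex form of
    nginx's proxy_redirect: only values starting with upstream_prefix change."""
    if location.startswith(upstream_prefix):
        return client_prefix + location[len(upstream_prefix):]
    return location

def leaves_origin(request_url, location):
    """True if following Location would move the client to another scheme or
    host. Relative Locations are resolved against the request URL first."""
    return origin(urljoin(request_url, location)) != origin(request_url)

def audit(responses, upstream_prefix=None, client_prefix=None):
    """Return the request URLs whose redirect leaves the requested origin,
    optionally after applying the proxy-side rewrite."""
    flagged = []
    for request_url, status, location in responses:
        if status not in (301, 302, 303, 307, 308) or location is None:
            continue
        if upstream_prefix is not None:
            location = rewrite_location(location, upstream_prefix, client_prefix)
        if leaves_origin(request_url, location):
            flagged.append(request_url)
    return flagged

# Constructed responses: (request URL, status, Location header from the app).
SAMPLE = [
    (INSECURE + "/works/123/chapters", 302, SECURE + "/works/123/chapters/456"),
    (INSECURE + "/works/123", 302, "/works/123/chapters/455"),
    (INSECURE + "/works/123/chapters/456", 200, None),
]

if __name__ == "__main__":
    print("before rewrite:", audit(SAMPLE))
    print("after rewrite: ", audit(SAMPLE, SECURE + "/", INSECURE + "/"))
```

Only the absolute Location is flagged before the rewrite; the relative one already stays on the requested host, which matches the observation in the thread that not every redirect bounces to the secure site.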

AO3 Paula
May 2, 2020, 11:53 PM
Edited

Looks good, opened a chaptered work, browsed using the “forward” button. Then went to the “fullpage index” which worked as well. Then picked chapters from the dropdown chapter index, worked correctly as well.

Seems gtg

ticking instant
May 9, 2020, 8:09 PM
Edited

Is this supposed to be deployed on Beta, or just on Staging? It still seems to be an issue on insecure.archiveofourown.org.

Never mind, I think it was just my browser behaving badly. Sorry for the false alarm!

Assignee

Unassigned

Reporter

Sarken

Roadmap

Works

Priority

Medium

Affects versions

Fix versions

Components

BackEnd

Difficulty

Easy

Milestone

Internal 0.9