Project

General

Profile

Actions
Copy link

tickets #161273

closed

Edit Comment doesn't work on code.o.o

Added by sfalken@cloverleaf-linux.org about 1 month ago. Updated 28 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
crameleon
Category:
Pagure
Target version:
-
Start date:
2024-05-30
Due date:
% Done:

100%

Estimated time:

Description

Pretty much that. Have a comment on a Pagure ticket, or PR, and click the "edit" button, and it always comes up with:

"Could not make Edit Work"

It appears that edit of the "first" post is possible, but not any posts further down in the comment chain.

Please see screenshot

Files

Screenshot_20240530_080640.png (293 KB) Screenshot_20240530_080640.png Screenshot of Error Message sfalken@cloverleaf-linux.org, 2024-05-30 15:07

Related issues 1 (1 open0 closed)

Related to openSUSE admin - tickets #152709: Pagure logout redirects to plain text HTTPIn Progresscrameleon2023-12-16

Actions
Actions
Copy link
 #1

Updated by crameleon about 1 month ago

  • Private changed from Yes to No

I can reproduce this in my test project.

Actions
Copy link
 #2

Updated by crameleon about 1 month ago

The browser console logs the following:

Content-Security-Policy: The page’s settings blocked the loading of a resource (connect-src) at http://code.opensuse.org/crameleon/test1/issue/1/comment/1963/edit?js=1 because it violates the following directive: “default-src 'self'”
Actions
Copy link
 #3

Updated by crameleon about 1 month ago

I think the issue is with it calling plain "http", but self would rightfully only match "https". Maybe similar to https://progress.opensuse.org/issues/152709 ?

Actions
Copy link
 #4

Updated by sfalken@cloverleaf-linux.org about 1 month ago

I will say, I do see a fair number of things kicking me back and forth from https to http when using code.o.o, the only reason I notice is because I have an "https-only" extension running in firefox, so I get a splash screen when it does it.

No idea if that's got anything to do with it.

Actions
Copy link
 #5

Updated by crameleon about 1 month ago

I identified the issue to be with the nginx being configured to set an X-Forwarded-Proto header:

https://code.opensuse.org/heroes/salt/blob/production/f/pillar/role/pagure.sls#_54

This overwrites the X-Forwarded-Proto header, which our TLS terminating frontend proxy (HAProxy) sets to https:

https://code.opensuse.org/heroes/salt/blob/production/f/pillar/cluster/common/public_proxy.sls#_16

with http, since the backend connection is using plain HTTP.

I tried simply removing the option, however it would still set it - I could not find a way to have nginx preserve the existing X-Forwarded-Proto header from HAProxy. Hardcoding https however works, and I think is an acceptable workaround, since we do not allow any public plain HTTP connectivity anyways through permanent redirect, and since we already implement this practice for lists.opensuse.org, which had the same issue.

I already implemented this temporarily and will follow up with the permanent patch.

Actions
Copy link
 #6

Updated by crameleon about 1 month ago

  • Status changed from New to In Progress
  • Assignee set to crameleon
  • % Done changed from 0 to 50
Actions
Copy link
 #8

Updated by crameleon about 1 month ago

  • Related to tickets #152709: Pagure logout redirects to plain text HTTP added
Actions
Copy link
 #10

Updated by crameleon 28 days ago

  • Status changed from In Progress to Feedback

This is is now correctly deployed.
Is the issue solved for you as well, @sfalken ?

Actions
Copy link
 #11

Updated by sfalken@cloverleaf-linux.org 28 days ago

Yup, appears to be working as expected now.

Actions
Copy link
 #12

Updated by crameleon 28 days ago

  • Status changed from Feedback to Resolved
  • % Done changed from 90 to 100

Great, thanks for confirming.

Actions
Copy link

Also available in: Atom PDF