tickets #161273: Edit Comment doesn't work on code.o.o - openSUSE admin - openSUSE Project Management Tool

Custom queries

Events of the openSUSE Heroes
my assigned stuff
obs-admin-tickets
openQA Infrastructure Project
openqa-review - Closed tickets last updated by openqa-review, last 30 days
QA roadmap long-term
QA SLE functional
QA SLE Functional - closed in last 14 days
QA SLE Functional - High, need to be refined
QA SLE Functional - over cycle time median
QA SLE u
QA SLE y
QA tools (tag not necessary in openQA and subprojects)
QA tools tag (tag not necessary in openQA and subprojects; excluding tickets in "Ready" version as they are already on the backlog)
QAC - Backlog
QE tools team - backlog (dev)
QE tools team - backlog (ready issues)
QE tools team - backlog SLA high
QE tools team - backlog SLA immediate
QE tools team - backlog SLA no immediate/urgent in feedback/blocked
QE tools team - backlog SLA normal
QE tools team - backlog SLA urgent
QE tools team - backlog SLO high
QE tools team - backlog SLO normal
QE tools team - backlog SLO urgent
QE tools team - backlog, high-level view (epics and higher)
QE tools team - backlog, non-reactive work, needs parent
QE tools team - backlog, top-level view (all sagas)
QE tools team - closed within last 14 days
QE tools team - closed within last 60 days
QE tools team - closed yesterday
QE Tools Team - Collaborative Session
QE tools team - due date forecast
QE tools team - exceeding due-date
QE tools team - infrastructure backlog
QE tools team - next - sorted by update time
QE tools team - next issues
QE tools team - non-estimated (unblocked) issues (dev)
QE tools team - non-estimated (unblocked) issues (infra)
QE tools team - ready issues - Workable
QE tools team - ready, not assigned/blocked/low
QE tools team - SLO high forecast
QE tools team - update forecast
QE tools team - updated by priority
QE tools team - what members of the team are working on - Feedback (not-low)
QE Tools Team Backlog By Assignee
Tools Team Retrospective
Tools Team Retrospective (not estimated or assigned)

Actions

Copy link

tickets #161273

closed

Edit Comment doesn't work on code.o.o

Added by sfalken@cloverleaf-linux.org 6 months ago. Updated 6 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

crameleon

Category:

Pagure

Target version:

Start date:

2024-05-30

Due date:

% Done:

100%

Estimated time:

Description

Pretty much that. Have a comment on a Pagure ticket, or PR, and click the "edit" button, and it always comes up with:

"Could not make Edit Work"

It appears that edit of the "first" post is possible, but not any posts further down in the comment chain.

Please see screenshot

Files

Screenshot_20240530_080640.png (293 KB) Screenshot_20240530_080640.png

Screenshot of Error Message

sfalken@cloverleaf-linux.org, 2024-05-30 15:07

Related issues 1 (0 open — 1 closed)

Related to openSUSE admin - tickets #152709: Pagure logout redirects to plain text HTTP

Resolved

crameleon

2023-12-16

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by crameleon 6 months ago

Private changed from Yes to No

I can reproduce this in my test project.

Actions

Copy link

Updated by crameleon 6 months ago

The browser console logs the following:

Content-Security-Policy: The page’s settings blocked the loading of a resource (connect-src) at http://code.opensuse.org/crameleon/test1/issue/1/comment/1963/edit?js=1 because it violates the following directive: “default-src 'self'”

Actions

Copy link

Updated by crameleon 6 months ago

I think the issue is with it calling plain "http", but self would rightfully only match "https". Maybe similar to https://progress.opensuse.org/issues/152709 ?

Actions

Copy link

Updated by sfalken@cloverleaf-linux.org 6 months ago

I will say, I do see a fair number of things kicking me back and forth from https to http when using code.o.o, the only reason I notice is because I have an "https-only" extension running in firefox, so I get a splash screen when it does it.

No idea if that's got anything to do with it.

Actions

Copy link

Updated by crameleon 6 months ago

I identified the issue to be with the nginx being configured to set an X-Forwarded-Proto header:

https://code.opensuse.org/heroes/salt/blob/production/f/pillar/role/pagure.sls#_54

This overwrites the X-Forwarded-Proto header, which our TLS terminating frontend proxy (HAProxy) sets to https:

https://code.opensuse.org/heroes/salt/blob/production/f/pillar/cluster/common/public_proxy.sls#_16

with http, since the backend connection is using plain HTTP.

I tried simply removing the option, however it would still set it - I could not find a way to have nginx preserve the existing X-Forwarded-Proto header from HAProxy. Hardcoding https however works, and I think is an acceptable workaround, since we do not allow any public plain HTTP connectivity anyways through permanent redirect, and since we already implement this practice for lists.opensuse.org, which had the same issue.

I already implemented this temporarily and will follow up with the permanent patch.

Actions

Copy link