Michael Schuerig
2010-Sep-14 18:13 UTC
Using URLs as resource IDs: how to make work with Apache/Passenger?
I have a resource whose public ID is a URL. The resulting URLs look like this http://my-app.com/things/http%3A%2F%2Fexample%2Ecom/foo.png I make sure manually, that "." in URLs are encoded as "%2E". The route looks like this get ''things/:url'' => ''things#show'' This works just fine with Mongrel, but it does not work with Apache and Passenger. The request doesn''t even get through to my app, I only get a 404 response and a corresponding entry in /var/log/apache2/other_vhosts_access.log There is nothing in the app''s log. The problem appears to be caused by the "/" in the :url parameter, even though they are encoded as "%2F". I''d prefer if I didn''t have to read through all the ActionPack and Rack routing code to understand what''s happening and find a remedy. It must be possible to do this cleanly. Michael -- Michael Schuerig mailto:michael-q5aiKMLteq4b1SvskN2V4Q@public.gmane.org http://www.schuerig.de/michael/ -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Jeremy Kemper
2010-Sep-14 19:22 UTC
Re: Using URLs as resource IDs: how to make work with Apache/Passenger?
On Tue, Sep 14, 2010 at 11:13 AM, Michael Schuerig <michael-q5aiKMLteq4b1SvskN2V4Q@public.gmane.org> wrote:> > I have a resource whose public ID is a URL. The resulting URLs look like > this > > http://my-app.com/things/http%3A%2F%2Fexample%2Ecom/foo.png > > I make sure manually, that "." in URLs are encoded as "%2E". The route > looks like this > > get ''things/:url'' => ''things#show'' > > This works just fine with Mongrel, but it does not work with Apache and > Passenger. The request doesn''t even get through to my app, I only get a > 404 response and a corresponding entry in > > /var/log/apache2/other_vhosts_access.log > > There is nothing in the app''s log. The problem appears to be caused by > the "/" in the :url parameter, even though they are encoded as "%2F". > > I''d prefer if I didn''t have to read through all the ActionPack and Rack > routing code to understand what''s happening and find a remedy. It must > be possible to do this cleanly.Tricky issue. To fix, enable AllowEncodedSlashes in Apache: http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes jeremy -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Michael Schuerig
2010-Sep-14 20:11 UTC
Re: Using URLs as resource IDs: how to make work with Apache/Passenger?
On Tuesday 14 September 2010, Jeremy Kemper wrote:> On Tue, Sep 14, 2010 at 11:13 AM, Michael Schuerig<michael-q5aiKMLteq4b1SvskN2V4Q@public.gmane.org> wrote: [...]> > There is nothing in the app''s log. The problem appears to be caused > > by the "/" in the :url parameter, even though they are encoded as > > "%2F". > > > > I''d prefer if I didn''t have to read through all the ActionPack and > > Rack routing code to understand what''s happening and find a > > remedy. It must be possible to do this cleanly. > > Tricky issue. To fix, enable AllowEncodedSlashes in Apache: > http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashesThanks, Jeremy, that''s been very helpful. In combination with route globbing, i.e. get ''things/*url'' => ''things#show'' the intended controller action is called. Curiously, consecutive slashes are collapsed somewhere in parameter processing, so that "http://foo" becomes "http:/foo". Well, I can work around that, though, of course I''d prefer if I didn''t have to. Are there any security implications of enabling AllowEncodedSlashes? I figure there must be a reason that they are not enabled by default. Michael -- Michael Schuerig mailto:michael-q5aiKMLteq4b1SvskN2V4Q@public.gmane.org http://www.schuerig.de/michael/ -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.