Closed Bug 83471 Opened 23 years ago Closed 23 years ago

Redirection loops

Categories

(Core :: Networking: HTTP, defect, P1)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.7

People

(Reporter: tenthumbs, Assigned: darin.moz)

References

(
URL
)

Details

Attachments

(2 files, 2 obsolete files)

ZIP file with two Unix shell CGI scripts
575 bytes, application/octet-stream
Details
v1.2 patch
13.39 KB, patch
bbaetz
: review+
rpotts
: superreview+
Details | Diff | Splinter Review 
They sometimes happen. Mozilla just blindly follows each redirection until the
user gives up on it.

I tried Opera on Linux and it just goes around a loop once but then seems to get
stuck in some internal loop of its own and just sits there. That's worse than
mozilla. 

Lynx does best. It follows the loop for a while and then says:

  Alert!: Redirection limit of 10 URL's reached.

I think mozilla should act like Lynx.
Could be a dupe of bug 40072.
Is there a testcase for this?
Keywords: qawanted
Actually, I think bug 40072 and bug 76485 demonstrate this one.

I'll attach some simple shell scripts. They work nicely on Linux running an
Apache server. Just point mozilla at one of them and watch it go back and forth.


    
    

    
  
tever: could you setup these scripts on a server?

thanks,
Neeti

    
    

    
  

*** This bug has been marked as a duplicate of 40072 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE

    
    

    
  
Reopening. The other bug does load infinitely, but it is a specific case
of a meta refresh request not being cancelled. It's not the general case 
bug for "redirect loops" are never limited. 

There used to be code in place that would detect a redirect loop (bug 24884).
Has that been disabled/broken/removed?
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---

    
    

    
  
gagan: let me investigate this one as well...
Assignee: neeti → gagan
Status: REOPENED → NEW
Priority: -- → P3
Target Milestone: --- → mozilla0.9.2

    
    

    
  
Neeti: If I understand correctly this is only suggesting a way to prevent badly
written loops with a certain limit. So there isn't much more investigation
left.. but we need to decide on that limit. My suggestion is that we put a pref
(defaulting to say 16) and just increment that count on the nsHttpChannel each
time we redirect. If it gets > 16 then we load the page without following the
redirect and alert the user with a likewise message. We'd need to add the
correcly localized dialog for that alert. All this work seems like this is going
to have to be a later milestone.
Assignee: gagan → neeti
Target Milestone: mozilla0.9.2 → mozilla1.0

    
    

    
  
Yes, that's exactly right. Mozilla is behaving correctly but
irrationally. I am suggesting that mozilla should be more clever,
behaving as SMTP daemons do when they detect mail loops.

    
    

    
  
It's easier in SMTP, you just parse the Received headers to get the audit trail...

    
    

    
  
SMTP daemons need headers because they don't control every connection.
Mozilla does. It knows whenever it redirects; it just has to remember
that long enough to be useful.

    
    

    
  
*** Bug 99471 has been marked as a duplicate of this bug. ***

    
    

    
  
Any progress on this yet ?


    
    

    
  
*** Bug 105720 has been marked as a duplicate of this bug. ***

    
    

    
  
-> me
Assignee: neeti → darin
Target Milestone: mozilla1.0 → mozilla0.9.7

    
    

    
  
I just ran into this problem. If you go to www.stac.com and follow the link at
the bottom to www.previo.com it will put you into an endless loop. I let it go
for a while, and then tried to stop it. It wouldn't stop by hitting Escape, so I
tried to close that browser window. Crash!

Talkback ID is TB37820199E, build is 2001101909 on Win2k.

Platform/OS should be all/all.

    
  
Severity: normal → critical
Status: NEW → ASSIGNED
Priority: P3 → P1

    
    

    
  

      
      
      
      

        Attached patch
          
          
        v1.0 patch (obsolete)
        — Splinter Review
      

    


  
this patch adds a limit to the number of times a channel can be redirected.

since a new channel is created for each redirect, i had to add a method on
nsIHttpChannel to convey the current redirect count.

    
    

    
  
some comments from bbaetz:

1- nsHttpChannel::mRedirectionCount could be 8-bit

2- failure should trigger a special error code that could cause the uriloader
(or docshell) to pop up an alert.

    
    

    
  
Some comments.

Should there be separate limits for a true loop as opposed to a long 
chain? ASP pages tend to do a lot of stupid things.

Does this apply to all URI's sent to a proxy server?

Wouldn't it be somewhat faster to set the redirection count to the 
current limit and then count down towards zero? Fewer function calls.

    
    

    
  
yeah, counting down sounds like a good idea.

this has nothing to do with proxy servers.  if a URL results in a redirect, then
the redirect count will be incremented (or decremented if we make the change you
suggested).  when the limit is reached, then we simply do not follow the redirect.

its tricky to detect true infinite redirects.  this would require tracking
cookies (and other perhaps unknown extensions to http) in the http code, which
the http code currently knows nothing about.

having a hard limit on the number of redirects just seems like a simple solution
to this problem... it avoids situations that would peg the users CPU, and i
think that's the real thing we're trying to do with this patch.

perhaps the limit of 10 redirects is too aggresive.  how about 20?  or 200?
it doesn't really matter.

    
    

    
  
Proxy servers can siletly rewrite URIs so I was worried about what 
apepars to be an ftp URI receiving a redirection from some http server. 
If redirection limits apply to all URIs then it's not an issue.

As for the limit, lynx goes around the www.stac.com loop  twice before 
it notices. It would be nice if mozilla only did it once. However, 
setting the limit lower tahn 10 will probably catch dump ASP pages. No 
one seems to object to lynx's limit of 10. I would say keep it at that 
and see what happens.

    
    

    
  
when using FTP via a proxy we're actually speaking HTTP, so we'd still get the
redirection counting.

also, glad to hear that there is somewhat of a standard for limiting the number
of redirects to 10 :)

    
    

    
  
*** Bug 112200 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 112310 has been marked as a duplicate of this bug. ***

    
    

    
  

      
      
      
      

        Attached patch
          
          
        v1.1 patch (obsolete)
        — Splinter Review
      

    


  
- added NS_ERROR_REDIRECT_LOOP to set of necko error codes.
- added code in nsWebShell.cpp for popping up an alert on
NS_ERROR_REDIRECT_LOOP
- made mRedirectionLimit 8-bit
- made mRedirectionLimit count down
- plus some other bits of cleanup

        Attachment #57860 -
        Attachment is obsolete: true

    
    

    
  
bbaetz: can you review this new patch?

    
  
Keywords: patch

    
    

    
  
I suggest changing "cannot be loaded" to "will not be loaded". It's an 
administrative decision. 

I'm not opposed to a dialog box but I'm wondering if displaying a 
message in the status bar instead of/in addition to a dialog box might 
not be good; provided the status bar ever works.

    
    

    
  
"will not" almost sounds like a deficiency on our side, when in fact this is
likely a problem with the server.  a problem with the server is something we
"cannot" do anything about.  so, i think i prefer "cannot" though i'm open to
arguments against it and/or other suggestions :)

i agree that it might be nice to report the problem in the status bar... hmm...
actually, seems like it'd be nice to report any load failure in the status bar
instead of just "Document Done".  that's probably a separate bug.

see bug 112366, which has a fix for the status bar updating problems.

    
    

    
  
*** Bug 112906 has been marked as a duplicate of this bug. ***

    
    

    
  
Well, I see "cannot" as meaning mozilla is unable to do something which 
isn't really true. Mozilla just reaches a limit. Maybe something like:
 "Redirection limit for this URL exceeded. Loading aborted."
but I like terse messages. :-)  In any event, I'm not violently opposed 
to the current message. It's also true that terse messages fit better 
into the status bar.

    
    

    
  
yeah i kinda like "Redirection limit for this URL exceeded. Loading aborted." too.

i'm not sure that "The URL has been redirected too many times and cannot be
loaded." is any clearer or less confusing for a novice user.

i tested IE6 and noticed that it has this bug as well... it totally clobbered my
webserver that hosts an infinite redirect testcase.  oddly enough however it
didn't seem to hurt the windows box too badly.

    
    

    
  
Comment on attachment 59675 [details] [diff] [review]
v1.1 patch

>+      nsXPIDLString messageStr;
>+      rv = stringBundle->GetStringFromName(NS_LITERAL_STRING("redirectLoop").get(),
>+                                           getter_Copies(messageStr));
>+      if (NS_FAILED(rv)) return rv;
>+
>+      PRUnichar *msg = nsTextFormatter::smprintf(messageStr, (const char*)host);

What does this do? messageStr doesn't contain any format specifiers. Even if it
did, you
should be using formatStringFromName instead, which "uses
nsTextFormatter::smprintf to do the dirty work"
(This would then mean using the %S notation instead, in the format string)

Do we really need to print the url?

>+      if (!msg) return NS_ERROR_OUT_OF_MEMORY;
>+
>+      prompter->Alert(nsnull, msg);
>+      nsTextFormatter::smprintf_free(msg);
>+    }

<snip>

>     case 302:
>     case 307:
>         // these redirects can be cached (don't store the response body)
>-        if (mCacheEntry) {
>-            rv = InitCacheEntry();
>-            if (NS_SUCCEEDED(rv) && mCacheEntry) {
>-                // XXX we must open an output stream to force the cache service to
>-                // select a cache device for our entry -- bad cache service!!
>-                rv = mCacheEntry->GetTransport(getter_AddRefs(mCacheTransport));
>-                if (NS_SUCCEEDED(rv)) {
>-                    nsCOMPtr<nsIOutputStream> out;
>-                    rv = mCacheTransport->OpenOutputStream(0, PRUint32(-1), 0, getter_AddRefs(out));
>-                }
>-            }
>-            CloseCacheEntry(rv);
>-        }
>+        if (mCacheEntry)
>+            CloseCacheEntry(InitCacheEntry());
>+

This bit is related to that cache service bug which wsa fixed a while back,
isn't it? Have you checked
that these are still being cached?

It looks OK apart from that, but I haven't had time to test it.

    
    

    
  
I think you really must show the URI in question (at least in a dialog 
box). It could be just one object of many on a page.

    
    

    
  
bbaetz: oops!  i just blindly copied the NS_ERROR_UNKNOWN_HOST case :-/

and, yeah gordon fixed the cache bug that required the extra code in
nsHttpChannel.  it works now.

tenthumbs: i agree that it would be nice to give some context to the URL, but
displaying an URL in an alert box could be problematic... what happens if the
URL is really long?  also, there could be multiple URLs involved in the infinite
redirect.  i didn't want to deal with these problems, and because it seems like
these kinds of problems occur mostly with toplevel documents, i figured there'd
be enough context.  i'm sure this is somewhat flawed but i really can't think of
an easy solution to the problem.  suggestions?

    
    

    
  

      
      
      
      

        Attached patch
          
          
        v1.2 patchSplinter Review
      

    


  
revised per comments from bbaetz

        Attachment #59675 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 60236 [details] [diff] [review]
v1.2 patch

This looks fine to me. The error text may be a bit too technical, but I can't
think of another way to put it.

r=bbaetz

        Attachment #60236 -
        Flags: review+

    
    

    
  
darin: I don't think there is any good way to get all the context into 
the available places so it's doesn't seem worth the trouble of trying. 
What mozilla needs is a log window where all this stuff could be dumped, 
but that's not going to happen any time soon.

One small suggestion, though. In nsHttpChannel::ProcessResponse, a 
little after line 1145, where you have 
 LOG(("redirection limit reached!\n"));
I think you should include the URL here. At least someone might get to 
see it. :-)

    
    

    
  
tenthumbs: the LOG file already contains the URL for the channel, so no need to
print it out again.  also, i thought about this bug a bit more and i suspect
that we'll only get the dialog if it's the toplevel document that redirects
infinitely.  otherwise, we'll probably just get a blank frame, image, or
whatever without an alert dialog.  i think this is ok, cuz you wouldn't want to
put up tons of alerts all at once or all in sequence... that would just annoy
the user.

    
  
Whiteboard: [patch needs sr=]

    
    

    
  
darin: I generally find that the interesting parts of a log file are 
separated by hundreds of lines of junk so I like repetition. :-)

If toplevel document means resulf of user-initiated action then I agree 
that supressing some messages is ok (at least for dialog boxes, it would 
be different for the status bar). For example, if a user clicks on a 
link that says "click here for a larger image" then I would expect 
mozilla to put up an error if that URI redirected too much, no matter 
what the eventual mime type was. That wouldn't be necessary if the image 
was embedded in a page.

    
    

    
  
hey darin,

this patch looks good to me... 

my only thought is whether 'redirectionLimit' really needs to be exposed through
nsIHTTPChannel...  i wonder if it wouldn't be enough to expose it via
nsIHttpProtocolHandler and just not allow an individual channel to have it's
'own' redirect limit...

-- rick

    
    

    
  
Comment on attachment 60236 [details] [diff] [review]
v1.2 patch

sr=rpotts@netscape.com

        Attachment #60236 -
        Flags: superreview+

    
  
Whiteboard: [patch needs sr=]

    
    

    
  
rick: yeah, i don't like have redirectionLimit on nsIHttpChannel per se, but it
does need to be a method implemented by nsHttpChannel.  this is because each
nsHttpChannel can have a different redirect limit.  that is, each time we
redirect, the redirected channel gets a redirect limit that is one less than the
previous channels redirect limit.  if a channel's redirect limit is zero then it
cannot redirect.

    
    

    
  
rick: didn't realize you weren't cc'd... see comment #43.

also, i meant to add that i put redirectLimit on nsIHttpChannel because when we
redirect we don't know if the new channel is actually a http channel... it could
be a ftp channel for all we know.  so the new channel has to be QI'd to
nsIHttpChannel so we can set the new redirect limit.

    
    

    
  
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Closed: 23 years ago23 years ago
Resolution: --- → FIXED

    
    

    
  
Verified.
Status: RESOLVED → VERIFIED
QA Contact: benc → junruh

    
    

    
  
john: did you use a test server for this? can you include a link or send me an
internal URL?
Keywords: qawanted

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: