Closed
Bug 441504
Opened 17 years ago
Closed 15 years ago
Request for http://addons.mozilla.org gets redirected more times than is sensible
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect, P5)
Tracking
(Not tracked)
RESOLVED
FIXED
4.x (triaged)
People
(Reporter: mossop, Unassigned)
References
()
Details
(Whiteboard: [z])
If I type addons.mozilla.org into the address bar the browser goes through a total of 5 redirects before it gets to the actual url of the AMO page to display. 2 is maybe sensible, 1 is ideal, 5 is over the top and adds delay and presumably server load.
10:22:29.152[1760ms][total 1760ms] Status: 302[Object Moved]
GET http://addons.mozilla.org/ Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content Size[-1] Mime Type[application/x-unknown-content-type]
Request Headers:
Host[addons.mozilla.org]
User-Agent[Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1a1pre) Gecko/2008062310 Minefield/3.1a1pre]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-us,en;q=0.5]
Accept-Encoding[gzip,deflate]
Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
Keep-Alive[300]
Connection[keep-alive]
Response Headers:
Server[NS_6.1]
Location[https://addons.mozilla.org/]
Connection[close]
10:22:30.913[2743ms][total 2743ms] Status: 302[Found]
GET https://addons.mozilla.org/ Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Content Size[0] Mime Type[text/html]
Request Headers:
Host[addons.mozilla.org]
User-Agent[Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1a1pre) Gecko/2008062310 Minefield/3.1a1pre]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-us,en;q=0.5]
Accept-Encoding[gzip,deflate]
Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
Keep-Alive[300]
Connection[keep-alive]
Response Headers:
Date[Tue, 24 Jun 2008 09:22:33 GMT]
Server[Apache/2.2.3 (Red Hat)]
X-Powered-By[PHP/5.1.6]
X-AMO-ServedBy[mrapp03]
Cache-Control[no-store, no-cache, must-revalidate, post-check=0, pre-check=0, private, max-age=3600]
Pragma[no-cache]
Location[http://addons.mozilla.org/en-US/]
Expires[Tue, 24 Jun 2008 10:22:33 GMT]
Content-Length[0]
Keep-Alive[timeout=300, max=991]
Connection[Keep-Alive]
Content-Type[text/html; charset=UTF-8]
10:22:33.657[702ms][total 702ms] Status: 302[Object Moved]
GET http://addons.mozilla.org/en-US/ Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Content Size[-1] Mime Type[application/x-unknown-content-type]
Request Headers:
Host[addons.mozilla.org]
User-Agent[Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1a1pre) Gecko/2008062310 Minefield/3.1a1pre]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-us,en;q=0.5]
Accept-Encoding[gzip,deflate]
Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
Keep-Alive[300]
Connection[keep-alive]
Response Headers:
Server[NS_6.1]
Location[https://addons.mozilla.org/en-US/]
Connection[close]
10:22:34.360[2790ms][total 2790ms] Status: 302[Found]
GET https://addons.mozilla.org/en-US/ Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Content Size[0] Mime Type[text/html]
Request Headers:
Host[addons.mozilla.org]
User-Agent[Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1a1pre) Gecko/2008062310 Minefield/3.1a1pre]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-us,en;q=0.5]
Accept-Encoding[gzip,deflate]
Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
Keep-Alive[300]
Connection[keep-alive]
Response Headers:
Date[Tue, 24 Jun 2008 09:22:36 GMT]
Server[Apache/2.2.3 (Red Hat)]
X-Powered-By[PHP/5.1.6]
X-AMO-ServedBy[mrapp04]
Cache-Control[no-store, no-cache, must-revalidate, post-check=0, pre-check=0, private, max-age=3600]
Pragma[no-cache]
Location[http://addons.mozilla.org/en-US/firefox/]
Expires[Tue, 24 Jun 2008 10:22:36 GMT]
Content-Length[0]
Keep-Alive[timeout=300, max=976]
Connection[Keep-Alive]
Content-Type[text/html; charset=UTF-8]
10:22:37.151[2288ms][total 2288ms] Status: 302[Object Moved]
GET http://addons.mozilla.org/en-US/firefox/ Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Content Size[-1] Mime Type[application/x-unknown-content-type]
Request Headers:
Host[addons.mozilla.org]
User-Agent[Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1a1pre) Gecko/2008062310 Minefield/3.1a1pre]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-us,en;q=0.5]
Accept-Encoding[gzip,deflate]
Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
Keep-Alive[300]
Connection[keep-alive]
Response Headers:
Server[NS_6.1]
Location[https://addons.mozilla.org/en-US/firefox/]
Connection[close]
Comment 1•17 years ago
|
||
Redirecting through http also means that someone who types in https://addons.mozilla.org is exposed to a DNS attack -- does the in-browser service follow redirects?
Group: update-security
Reporter | ||
Comment 2•17 years ago
|
||
The in-browser service will follow any redirects given, currently the urls are such that there is only one instance I know of that actually redirects and that is when AMO does not support the locale. This redirects to a different locale but it is a safe https -> https redirect.
Comment 3•17 years ago
|
||
dupe of bug 412015?
Comment 4•17 years ago
|
||
(In reply to comment #3)
> dupe of bug 412015?
Yes. Do we want to dupe that one to this one, because Dave gave very detailed information up there?
Also, I am unsure this bug should not be public, as the implications of bouncing back and forth between http and https are pretty obvious (and have been public in bug 412015 for a while)?
Comment 7•17 years ago
|
||
Side note: We'll always end up with at least two redirects, as (I believe) the netscalers will take us from http->https and after that the application will need to redirect to the right locale and application.
However, we could try combining the lang and app magic in one step, along with not redirecting back to http (which is stupid anyway) and that'd reduce the amount of redirects to 2.
Updated•17 years ago
|
OS: Mac OS X → All
Hardware: PC → All
Comment 8•17 years ago
|
||
I see only 3 redirects, the https->http redirects do not happen for me. That brings us down to 3, which can (and should) be shrunk to 2.
Comment 9•17 years ago
|
||
One option is to have http://amo/* go through to 1 php file that only performs redirects. This will cut things down to 1 redirect in all cases (as long as that file logic is made to redirect to valid pages and not more redirects).
Updated•15 years ago
|
Severity: normal → trivial
Priority: -- → P5
Target Milestone: --- → 4.x (triaged)
Comment 11•15 years ago
|
||
Jeff, Dave: Is this fixed in Zamboni? I think we should have at worst two redirects: http->https, and / -> /<locale>/firefox .
Fred,
I assume this is done, although I'm not fully aware of the full stack of redirection, I can tell you what I do know and what I assume:
Assumptions:
Netscaler or Apache handles http->https
What I know:
we redriect / -> /locale/firefox once in middleware.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: [z]
Comment 13•15 years ago
|
||
(In reply to comment #12)
> Fred,
>
> I assume this is done, although I'm not fully aware of the full stack of
> redirection, I can tell you what I do know and what I assume:
>
> Assumptions:
>
> Netscaler or Apache handles http->https
Yes.
> What I know:
> we redriect / -> /locale/firefox once in middleware.
Excellent, thanks.
Assignee | ||
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
Updated•9 years ago
|
Group: client-services-security
Flags: needinfo?(amuntner)
You need to log in
before you can comment on or make changes to this bug.
Description
•