-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication error viewing ZMI resource with virtual hosting. #1203
Comments
BTW, you get the same authentication errors in a few more DTML files that use
I wonder if we should define a fixed |
I'll try to take a look at this later, unless you or somebody else already wants to fix this. Without looking at the code again, I feel that it might be easier to use some proper request API with understanding of virtual host ( maybe Already it looks clear that I fixed only |
I have investigated a bit more and I noticed that :
Lines 5 to 11 in c33b799
and to only use
Please take a look at #1204 , I have tried all virtual host setups that I could think of in the unit tests, but it would be good if you can confirm it works in your setup. |
The urls now seem to be generated correctly, thanks. Initially with your branch I still had the main problem, that http://localhost:9340/++resource++zmi/zmi_base.css gave Unauthorized, with nginx on port 9340 doing a virtual host rewrite/proxy to the Plone site. But after some more restarts it worked for the Zope manager, so that seems to have been some temporary caching problem. So I need to have a look at what is wrong in the Varnish setup, but the PR seems fine. |
Maurits van Rees wrote at 2024-4-4 06:36 -0700:
BTW, you get the same authentication errors in a few more DTML files that use `BASEPATH1`, which were not touched by PR #1196, so they may need adjustment too:
* https://github.com/zopefoundation/Zope/blob/master/src/App/dtml/manage.dtml
* https://github.com/zopefoundation/Zope/blob/master/src/App/dtml/menu.dtml
* https://github.com/zopefoundation/Zope/blob/master/src/App/dtml/copyright.dtml
I wonder if we should define a fixed `basepath` (or maybe `resource_basepath`) in one place in Python, so we do the concatenation and fixing of `BASEPATH1` and `AUTHENTICATION_PATH` in one place. I don't know where best to do this though.
I think `ZPublisher.HTTPRequest.HTTPRequest` would be a good place:
it already has `getVirtualRoot` and the URL-base should be related.
|
This is similar to issue #1195 which has more links, and which has been solved. But the solution from PR #1196 makes a problem when using virtual hosting worse.
Setup:
/plone
With Zope 5.9:
Issue #1195 recognises the last problem and PR #1196 fixes it. I copy the fixed
src/App/dtml/manage_page_header.dtml
from Zope master and try again:The Plone user has this link in the head:
The Zope user has this link in the head:
I have a patch on the copied dtml file that improves this:
This turns the head links for both users into this when using virtual hosting (and correctly leaves the non-virtual host case unchanged):
So this is an improvement for the virtual hosting case.
But the problem still remains: these urls give an Unauthorized when accessed through nginx, for both Manager users:
Wait a minute. This is weird. I get that Unauthorized error for four ZMI resources and exactly one minute later, for each of those plus one extra resource, the nginx access log reports this:
And now Zope hangs. Ah, this is only after I have edited the
error_log
to not filter outUnauthorized
. When I restart and filter it out again, Zope no longer hangs. Maybe this is caused byProducts.PDBDebugMode
, which is installed in this test site. So never mind that.Main problem is, for the Zope Manager user:
Question: why? And how do we fix this?
The text was updated successfully, but these errors were encountered: