0cbc15777c7929e94bfb8d37526ec7ce8eabe8fe max Fri May 5 10:07:10 2017 -0700 CIRM: fixing a bug in hgLogin that appears only when using it through a reverse-proxy. Adding login.relativeLink to hg.conf for this case. diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c index 71e1ae6..ba7dc00 100644 --- src/hg/hgLogin/hgLogin.c +++ src/hg/hgLogin/hgLogin.c @@ -30,31 +30,33 @@ char msg[4096] = ""; char *incorrectUsernameOrPassword="The username or password you entered is incorrect."; char *incorrectUsername="The username you entered is incorrect."; /* The excludeVars are not saved to the cart. */ char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", "hgLogin_password", "hgLogin_password2", "hgLogin_newPassword1", "hgLogin_newPassword2", NULL }; struct cart *cart; /* This holds cgi and other variables between clicks. */ char *database; /* Name of genome database - hg15, mm3, or the like. */ struct hash *oldCart; /* Old cart hash. */ char *errMsg; /* Error message to show user when form data rejected */ char brwName[64]; char brwAddr[256]; char signature[256]; char returnAddr[256]; -char *hgLoginUrl = NULL; +char *hgLoginUrl = NULL; /* full absolute URL to hgLogin as seen from browser, + e.g. http://genome.ucsc.edu/cgi-bin/hgLogin. Can be a relative URL /cgi-bin/hgLogin if + hg.conf login.relativeLink is on. */ /* ---- Global helper functions ---- */ char *browserName() /* Return the browser name like 'UCSC Genome Browser' */ { if isEmpty(cfgOption(CFG_LOGIN_BROWSER_NAME)) return cloneString("NULL_browserName"); else return cloneString(cfgOption(CFG_LOGIN_BROWSER_NAME)); } char *browserAddr() /* Return the browser address like 'http://genome.ucsc.edu' */ { if isEmpty(cfgOption(CFG_LOGIN_BROWSER_ADDR)) @@ -288,31 +290,36 @@ { struct dyString *result = dyStringNew(1024); struct slName *newCookies = loginLoginUser(userName, idx), *sl; for (sl = newCookies; sl != NULL; sl = sl->next) dyStringPrintf(result, " document.cookie = '%s';", sl->name); return result; } char *getReturnToURL() /* get URL from cart var returnto; if empty, make URL to hgSession on login host. */ { char *returnURL = cartUsualString(cart, "returnto", ""); char *hgLoginHost = wikiLinkHost(); char *cgiDir = cgiScriptDirUrl(); char returnTo[2048]; -if (!returnURL || sameString(returnURL,"")) + +boolean relativeLink = cfgOptionBooleanDefault("login.relativeLink", FALSE); +// reverse proxies and all-https sites have no need for absolute links +if (relativeLink) + safef(returnTo, sizeof(returnTo), "%shgSession?hgS_doMainPage=1", cgiDir); +else if (!returnURL || sameString(returnURL,"")) safef(returnTo, sizeof(returnTo), "http%s://%s%shgSession?hgS_doMainPage=1", cgiAppendSForHttps(), hgLoginHost, cgiDir); else safecpy(returnTo, sizeof(returnTo), returnURL); return cloneString(returnTo); } void returnToURL(int delay) /* delay for delay mill-seconds then return to the "returnto" URL */ { char *returnURL = getReturnToURL(); jsInlineF( "setTimeout(function(){location='%s';}, %d);\n" , returnURL, delay); @@ -1285,23 +1292,29 @@ "usage:\n" " hgLogin <various CGI settings>\n" ); } int main(int argc, char *argv[]) /* Process command line. */ { long enteredMainTime = clock1000(); pushCarefulMemHandler(100000000); cgiSpoof(&argc, argv); htmlSetStyleSheet("../style/userAccounts.css"); htmlSetStyle(htmlStyleUndecoratedLink); htmlSetBgColor(HG_CL_OUTSIDE); htmlSetFormClass("accountScreen"); -struct dyString *dy = dyStringCreate("http%s://%s%shgLogin", + +boolean relativeLink = cfgOptionBooleanDefault("login.relativeLink", FALSE); +struct dyString *dy; +if (relativeLink) // normal relative links are better for reverse proxyies or all-https sites + dy = dyStringCreate("%s", cgiScriptName()); +else + dy = dyStringCreate("http%s://%s%shgLogin", loginUseHttps() ? "s" : "", wikiLinkHost(), cgiScriptDirUrl()); hgLoginUrl = dyStringCannibalize(&dy); oldCart = hashNew(10); cartHtmlShell("Login - UCSC Genome Browser", doMiddle, hUserCookie(), excludeVars, oldCart); cgiExitTime("hgLogin", enteredMainTime); return 0; }