TG 1.5b2: Problems with server.webpath and visit.cookie.path
Bobby Impollonia
two issues. I tried to file them in trac, but was rejected as spam.
Issue 1:
Quickstart a project with identity and visit in TG 1.5b2. Modify
dev.cfg to add
visit.cookie.path='/'
Start the server and visit in your browser. Observe the cookies that
are set (e.g., using Firebug).
Rather than having a Path of /, the visit cookie is set with a Path
equal to the string representation of a dictionary containing all our
config settings. This not only causes the cookie not to work, but also
exposes critical information including the database connection string
with password.
Issue 2:
Quickstart a project with identity and visit in TG 1.5b2. Modify
dev.cfg to add
server.webpath='/'
Start the server and visit in your browser.
The css does not load properly due the URLs having an extra slash.
Christoph Zwerschke
> Hi. In the course of upgrading a project to TG 1.5, I have run into
> two issues. I tried to file them in trac, but was rejected as spam.
Thanks for the reports. We will soon move the trac to a new server and
hope the spam filter problem will then be solved.
> Issue 1:
> Quickstart a project with identity and visit in TG 1.5b2. Modify
> dev.cfg to add
> visit.cookie.path='/'
> Start the server and visit in your browser. Observe the cookies that
> are set (e.g., using Firebug).
>
> Rather than having a Path of /, the visit cookie is set with a Path
> equal to the string representation of a dictionary containing all our
> config settings.
Oops, that was a pretty hefty bug. It is fixed now in the trunk. Thanks
again for reporting that.
> Issue 2:
> Quickstart a project with identity and visit in TG 1.5b2. Modify
> dev.cfg to add
> server.webpath='/'
> Start the server and visit in your browser.
>
> The css does not load properly due the URLs having an extra slash.
The server.webpath setting must be either '' or start with a slash, but
not end with a slash. It is now improved in the trunk, so that the
setting gets sanitized on startup. I.e. you can now set it to '/' or add
a slash at the end, it does not matter.
-- Christoph
Bobby Impollonia
I am now encountering a different problem with server.webpath:
If my application's webpath is "/webpath" and my root controller has
an attribute called "subcontroller" that points to a child controller
object, then
http://myserver/webpath/subcontroller/
should return the index page for the subcontroller. This works fine.
http://myserver/webpath/subcontroller
should redirect to
http://myserver/webpath/subcontroller/
However, this instead is redirecting to
http://myserver/subcontroller/
(without the webpath).
Christoph Zwerschke
> However, this instead is redirecting to
> http://myserver/subcontroller/
> (without the webpath).
I guess the problem is that the redicrecting is done by a builtin
CherryPy tool that is not aware of the webpath (which is actually only a
TG specific config setting). I have created ticket #2550 for this.
We probably need to replace the builtin CP tool with our own tool if a
webpath has been set.
-- Christoph
Christoph Zwerschke
setting tools.trailing_slash.on = False in dev.cfg, and pay attention
that links to subcontrollers properly end with a slash. That is better
for performance and duplicate content issues. The tool is actually only
an accomodation for people who type in links directly.
-- Christoph