Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1459550 - nextcloud: Detect 301 redirects from http to https
Summary: nextcloud: Detect 301 redirects from http to https
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: gnome-online-accounts
Version: 8.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.3
Assignee: Debarshi Ray
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-07 12:37 UTC by Matěj Cepl
Modified: 2020-12-01 07:28 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-12-01 07:28:57 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
GNOME Bugzilla 783506 0 Normal NEW nextcloud: Detect 301 redirects from http to https 2020-10-08 14:35:05 UTC

Description Matěj Cepl 2017-06-07 12:37:19 UTC 
Description of problem (from the upstream bug):
[reply] [−] Description Debarshi Ray [reporter] [gnome-online-accounts developer] 2017-06-07 13:59:14 CEST

When adding a Nextcloud account, unless one explicitly specifies the URI scheme, it assumes that it is HTTPS. However, if someone specifies HTTP, it will stick to it.

This leads to a strange problem with my.owndrive.com. Sending a GET request to http://my.owndrive.com/remote.php/webdav evokes a successful (200) response, which is fine. However, an OPTIONS request leads to a 301 redirect with the Location header set to https://my.owndrive.com/remote.php/webdav. ie. the HTTPS equivalent of the same URL.

Therefore, if one explicitly specifies HTTP in Settings -> Online Accounts, the account will be added because it uses GET requests. However, GVfs' WebDAV backend won't be able to mount it because it sends an OPTIONS request and the redirect handler refuses to grant the redirect request.

A quick reading of the WebDAV backend code makes me think that redirects are tied to G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS. So, while we might be able to make the backend deal with this, it might be easier to teach g-o-a to detect this when adding the account and only advertise the HTTPS URL.

Version-Release number of selected component (if applicable):
libsoup-2.56.0-2.el7.x86_64
gvfs-1.30.4-3.el7.x86_64
gnome-online-accounts-3.22.5-1.el7.x86_64
gvfs-goa-1.30.4-3.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Create ownCloud account in GOA on http://my.owndrive.com
2. Start Nautilus and go to the ownCloud shortcut created there
3.

Actual results:
Error message:
Unable to access 'desktopqe.com' HTTP Error: Moved Permanently

Expected results:
redirect should happen silently behind the scenes, if it needs to happen

Additional info:
Comment 2 Matěj Cepl 2017-06-20 16:06:00 UTC 
Most likely the same as bug 1461066 for Fedora?
Comment 3 Debarshi Ray 2017-06-20 17:59:23 UTC 
No, bug 1461066 looks different.
Comment 4 Debarshi Ray 2020-02-21 11:05:05 UTC 
RHEL 7 is approaching its Extended Life Cycle Support phase. Given the non-critical nature of this bug, it's not fit for RHEL 7 anymore. Let's try to fix this for RHEL 8.
Comment 7 RHEL Program Management 2020-12-01 07:28:57 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
Note You need to log in before you can comment on or make changes to this bug.