proxying to loggerhead won't work for private branches

Bug #806713 reported by Martin Pool
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Triaged
High
Unassigned

Bug Description

https://code.launchpad.net/~spiv/launchpad/bmp-inline-diffs/+merge/66634 and bug 813349 and friends take the approach of proxying client requests through the main app domain to loggerhead.

This probably isn't going to work for private branches, because (iiuc) loggerhead uses a separate authentication cookie, so the client is going to send the cookie relevant to say code.l.n and loggerhead won't know what to do with it.

One solution would be to teach loggerhead to validate the cookie by calling across to lp.

Revision history for this message
Martin Pool (mbp) wrote :

I can confirm that with that code active on qas, you do indeed get a reasonably clean (but cryptic) little 'Error' when you try to expand a revision from a private branch. I think this is acceptable for a beta.

flacoste thought perhaps loggerhead used the same session cookies, but this seems to show that it does not.

tags: added: privacy private
description: updated
description: updated
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

Given that loggerhead calls translatePath(user, branch) to access a branch anyway, it could call translatePathCookie(session_cookie, branch) instead. This seems most sensible, according to a small number of developers on irc :)

Curtis Hovey (sinzui)
tags: removed: private
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.