admindb POST fails due to absolute addressing

The underlying issue is redirects lose POST data. Most mainstream browsers when receiving a 301 or 302 in response to a POST will issue a GET of the new URI. HTTP 1.1 defined 307 and 308 redirects to specifically say that the browser should use the same request method for the new URI, but if the server is issuing a 301 or 302 redirect rather than a 307 or 308, the POST data is lost.

Your issue is not due to a Mailman change as the only change in this area was in Mailman 2.1.12 and that change made more URLs relative, not fewer. However, Your Mailman installation is cPanel, and this could be a cPanel issue. See http://wiki.list.org/DOC/Mailman%20and%20CPanel , but http://noonway.com/mailman/admindb/humor_noonway.com is definitely being redirected to http://just63.justhost.com/mailman/admindb/humor_noonway.com with a 301 redirect. Many other cPanel Mailman hosts don't do this redirection as it breaks other things too.

Depending on how much access you have to the actual Mailman installation on the server, you may be able to change things. At around line 204 in Mailman/Cgi/admindb.py you'll see

        # Now print the results and we're done. Short circuit for when there
        # are no pending requests, but be sure to save the results!
        admindburl = mlist.GetScriptURL('admindb', absolute=1)

if you remove the ", absolute=1" from the last of those to make it

        admindburl = mlist.GetScriptURL('admindb')

that should make the form action URL relative.

As for changing this in the upstream code, there are several places where absolute URLs are generated in this way. I don't know the historical reasons for this or what the unintended consequences might be if they were changed, so I'm reluctant to do so.

It definitely appears that just63.justhost.com has made mods to the basic cPanel Mailman, e.g. the "delegated access" on the admin(db) login pages and the lack of a link in the footer to "Overview of all noonway.com mailing lists" (which is another thing that wouldn't work because of the redirect), so they ought to fix this too.

Mark,

I greatly appreciate the detailed reply. I’ll see if I can get JustHost to fix this for me, although they haven’t been at all responsive which is why I posted a bug report.
Maybe another fix would be for me to install Mailman into a directory I can access.

Thanks again,
Rob.

> On Apr 10, 2016, at 1:40 PM, Mark Sapiro <email address hidden> wrote:
>
> The underlying issue is redirects lose POST data. Most mainstream
> browsers when receiving a 301 or 302 in response to a POST will issue a
> GET of the new URI. HTTP 1.1 defined 307 and 308 redirects to
> specifically say that the browser should use the same request method for
> the new URI, but if the server is issuing a 301 or 302 redirect rather
> than a 307 or 308, the POST data is lost.
>
> Your issue is not due to a Mailman change as the only change in this
> area was in Mailman 2.1.12 and that change made more URLs relative, not
> fewer. However, Your Mailman installation is cPanel, and this could be a
> cPanel issue. See http://wiki.list.org/DOC/Mailman%20and%20CPanel , but
> http://noonway.com/mailman/admindb/humor_noonway.com is definitely being
> redirected to
> http://just63.justhost.com/mailman/admindb/humor_noonway.com with a 301
> redirect. Many other cPanel Mailman hosts don't do this redirection as
> it breaks other things too.
>
> Depending on how much access you have to the actual Mailman installation
> on the server, you may be able to change things. At around line 204 in
> Mailman/Cgi/admindb.py you'll see
>
> # Now print the results and we're done. Short circuit for when there
> # are no pending requests, but be sure to save the results!
> admindburl = mlist.GetScriptURL('admindb', absolute=1)
>
> if you remove the ", absolute=1" from the last of those to make it
>
> admindburl = mlist.GetScriptURL('admindb')
>
> that should make the form action URL relative.
>
> As for changing this in the upstream code, there are several places
> where absolute URLs are generated in this way. I don't know the
> historical reasons for this or what the unintended consequences might be
> if they were changed, so I'm reluctant to do so.
>
> It definitely appears that just63.justhost.com has made mods to the
> basic cPanel Mailman, e.g. the "delegated access" on the admin(db) login
> pages and the lack of a link in the footer to "Overview of all
> noonway.com mailing lists" (which is another thing that wouldn't work
> because of the redirect), so they ought to fix this too.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1568547
>
> Title:
> admindb POST fails due to absolute addressing
>
> Status in GNU Mailman:
> New
>
> Bug description:
> The shared server I use employs re-directs from my domain name to
> their local server domain name. This is causing form submission POSTs
> to fail in the ADMINDB pages used to moderate user posts, but not in
> the ADMIN pages used to manage the Mailman list. A review of the
> server code reveals why -
>
> The ADMIN pages use relative addressing in the form POST, so redirects are not an issue.
> Whereas the ADMINDB pag...