Actions
Bug #12957
closed
On debian 9.4, ncf views.py can not access http://localhost/rudder (but can https://..)
Status:
Released
Priority:
N/A
Assignee:
Category:
Web - Technique editor
Target version:
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
0
Name check:
Fix check:
Regression:
Description
An user reported that he wasn't able to access the technique editor on rudder with an authentication error.
Further investigation shows that:
- access trough https works:
% curl -k -H "X-API-Token: $(cat /var/rudder/run/api-token)" -X GET 'https://localhost/rudder/api/authentication?acl=read'
{"action":"authentication","result":"success","data":"F4909276532903MRXTL"}
But without the s leads to an error:
% curl -k -H "X-API-Token: $(cat /var/rudder/run/api-token)" -X GET 'http://localhost/rudder/api/authentication?acl=read' <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /rudder/api/authentication was not found on this server.</p> <hr> <address>Apache/2.4.25 (Debian) Server at localhost Port 80</address> </body></html>
And that changing the URLs in /usr/share/ncf/api/ncf_api_flask_app/views.py (~lines 49 & 51) let the user accesses to the technique editor in rudder.
It works with previous version of debian (like 9.1), so something must have change in the apache version used in debian 9.4.
Updated by 
Updated by 
Updated by
Actions