[Windmill-dev] Bug in Windmill + Firefox 2,3
Rob Miller
robm at openplans.org
Tue Jul 8 10:08:44 PDT 2008
Mikeal Rogers wrote:
> Wow, this bug was CRAZY.
>
> Ok, so here is the deal. The login page you're grabbing is generated
> somewhere in your webapp (by the look of the headers most likely Zope),
> and it actually embeds the referrer from the very first page load in a
> hidden form field.
>
> That is then sent in the POST to /login and that returns a 302 redirect
> to the hidden referrer field url.
>
> Since the initial referrer is
> http://testdomain.com/testurl/windmill-serv/remote.html when we reload
> that url it reloads ALL OF WINDMILL.
>
> I was able to fix it though. Since there should never be a legitimate
> redirect to a URL with /windmill-serv from a remote web application I
> can safely remove anything after it from the response headers before
> handing them off to the client.
>
> I re-ran the openplans.py test file and it seems to work completely now.
> I get redirected to the proper location and I get a message saying I
> just logged in so it all looks good :)
yep, confirmed on this side, too. yippee!
> This is all checked in to trunk. If you're already running trunk then
> you're golden, if not then let me know and I'll push another release as
> soon as I can.
i am running trunk, and am now back on track. thank you!
-r
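
The header rewrite described in this thread, sketched as an added example; it is not Windmill's actual code and not part of the original messages. The function names, the (name, value) header-list shape, and the choice to touch only the Location header of 3xx responses are assumptions; the `/windmill-serv` path and the sample URL come from the thread.

```python
from urllib.parse import urlsplit, urlunsplit

# Path segment under which the test harness is served (named in the thread).
HARNESS_SEGMENT = "windmill-serv"


def strip_harness_path(location):
    """Cut a redirect target at the harness segment, dropping it and all that follows."""
    parts = urlsplit(location)
    segments = parts.path.split("/")
    # Match a whole path segment so that e.g. /windmill-server is left alone.
    if HARNESS_SEGMENT not in segments:
        return location
    kept = segments[:segments.index(HARNESS_SEGMENT)]
    path = "/".join(kept) or "/"
    # Query string and fragment belonged to the harness URL, so they go too.
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def rewrite_response_headers(status, headers):
    """Return a copy of the upstream headers with harness redirects neutralised.

    Assumption: only Location on 3xx responses is rewritten; the thread only
    says the fix is applied to response headers before the client sees them.
    """
    if not 300 <= status < 400:
        return list(headers)
    rewritten = []
    for name, value in headers:
        if name.lower() == "location":  # header names are case-insensitive
            value = strip_harness_path(value)
        rewritten.append((name, value))
    return rewritten


if __name__ == "__main__":
    # Constructed sample: the 302 that the login POST in the thread would produce.
    upstream = [
        ("Content-Type", "text/html"),
        ("location", "http://testdomain.com/testurl/windmill-serv/remote.html"),
    ]
    for name, value in rewrite_response_headers(302, upstream):
        print(f"{name}: {value}")
```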