1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-03-12 04:15:00 +01:00
phorge-phorge/src/aphront
epriestley ea6c0c9bde Refine the "Mangled Webserver Response" setup check
Summary:
Ref T13259. In some configurations, making a request to ourselves may return a VPN/Auth response from some LB/appliance layer.

If this response begins or ends with whitespace, we currently detect it as "extra whitespace" instead of "bad response".

Instead, require that the response be nearly correct (valid JSON with some extra whitespace, instead of literally anything with some extra whitespace) to hit this specialized check. If we don't hit the specialized case, use the generic "mangled" response error, which prints the actual body so you can figure out that it's just your LB/auth thing doing what it's supposed to do.

Test Plan:
  - Rigged responses to add extra whitespace, got "Extra Whitespace" (same as before).
  - Rigged responses to add extra non-whitespace, got "Mangled Junk" (same as before).
  - Rigged responses to add extra whitespace and extra non-whitespace, got "Mangled Junk" with a sample of the document body instead of "Extra Whitespace" (improvement).

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13259

Differential Revision: https://secure.phabricator.com/D20235
2019-03-05 12:58:32 -08:00
..
__tests__ phtize all the things 2015-05-22 21:16:39 +10:00
configuration Refine the "Mangled Webserver Response" setup check 2019-03-05 12:58:32 -08:00
exception Convert some whiny exceptions into quiet MalformedRequest exceptions 2016-08-16 15:50:21 -07:00
handler Give MFA gates a more consistent UI 2019-01-30 06:16:32 -08:00
httpparametertype Fix spelling 2017-10-09 10:48:04 -07:00
interface Allow Controllers to return a wider range of "response-like" objects 2015-09-01 15:52:52 -07:00
response Clean up final setQueryParams() callsites 2019-02-14 11:54:56 -08:00
sink Fix Content-Security-Policy headers on "Email Login" page 2019-02-14 12:53:33 -08:00
site Allow custom Sites to have custom 404 controllers 2016-11-30 15:25:09 -08:00
AphrontController.php Provide an AphrontController implementation of willSendResponse() 2015-09-07 17:18:35 -07:00
AphrontRequest.php Use "QUERY_STRING", not "REQUEST_URI", to parse raw request parameters 2019-02-28 19:50:27 -08:00