Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#1000 closed defect (fixed)

Domain-relative redirects doesn't work, they are absolute instead

Reported by: zakjan@… Owned by: Ruslan Ermilov <ru@…>
Priority: minor Milestone:
Component: other Version: 1.9.x
Keywords: Cc:
uname -a: Linux d7ba7d804a55 3.13.0-65-generic #106-Ubuntu SMP Fri Oct 2 22:08:27 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.8.1
built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'

Description

Nginx configuration:

location = /xxx {
  return 301 /qwerty;
}

Expected result:

GET http://localhost/xxx contains header Location: /qwerty

Actual result:

GET http://localhost/xxx contains header Location: http://localhost/querty

This is a problem when nginx runs behind another reverse proxy, so that nginx doesn't know the correct public hostname/port to redirect to.

See http://stackoverflow.com/questions/33523821/how-to-issue-a-relative-url-redirect-from-nginx for details.

Change History (7)

comment:1 by Ilyas Bakirov, 4 years ago

why not using:

location = /xxx {
  return 301 $scheme://$http_host/qwerty;
}

comment:2 by zakjan@…, 4 years ago

Because the inner nginx behind a reverse proxy doesn't know the public origin (schema, hostname, port).

comment:3 by Ilyas Bakirov, 4 years ago

Yes, nginx does not know public origin behind proxy. It only knows what in proxy scope, so yo may pass additional info with values by using optional vars

comment:4 by zakjan@…, 3 years ago

These vars can change quite often in cloud environment. It would be helpful if nginx wouldn't need to know them in this case.

Last edited 3 years ago by zakjan@… (previous) (diff)

comment:5 by Maxim Dounin, 3 years ago

See also #1145.

comment:6 by Ruslan Ermilov <ru@…>, 3 years ago

Owner: set to Ruslan Ermilov <ru@…>
Resolution: fixed
Status: newclosed

In 6852:d15172ebb400/nginx:

Core: relative redirects (closes #1000).

The current version of HTTP/1.1 standard allows relative references in
redirects (https://tools.ietf.org/html/rfc7231#section-7.1.2).

Allow this form for redirects generated by nginx by introducing the new
directive absolute_redirect.

comment:7 by Ilyas Bakirov, 3 years ago

Good, thanx!

Note: See TracTickets for help on using tickets.