Fix frontend api request block due to mixed content #53

Merged
merged 1 commit into from
Oct 25, 2023


omar-selo
Collaborator

@omar-selo omar-selo commented Oct 25, 2023

Right now TO staging fails to fetch data from the API because the API request is blocked by the browser. After digging into what's going on, I found that the frontend tries to request artefacts through the following URL: `https://test-observer-api-staging.canonical.com/v1/artefacts?family=snap`. The API then responds with a 307 redirect to `http://test-observer-api-staging.canonical.com/v1/artefacts/?family=snap` because FastAPI redirects requests to match the trailing slash of the endpoint. But the issue is that the redirect switches from the https scheme to http. The browser detects this and blocks the request.

Note that this problem doesn't exist in local development because local development doesn't use a TLS certificate, so all requests are http. Hence there are no mixed content shenanigans.

Contributor

@plars plars left a comment

I'm still not sure I understand why the initial request to https://test-observer-api-staging.canonical.com/v1/artefacts/?family=snap was blocked by the browser, but I understand why it blocked it after trying http instead.

Otherwise, this looks ok to me. The only comment I have for the future (not that big of a concern, don't worry about fixing it here) is that it looks like there were a lot of unrelated cleanup changes to the order of imports, etc. Try to at least put them in a separate commit if it's not too much trouble, because it helps with readability. But there weren't too many here so it was ok.

@omar-selo
Collaborator Author

@plars the initial request was to https://test-observer-api-staging.canonical.com/v1/artefacts?family=snap and it was redirected to http://test-observer-api-staging.canonical.com/v1/artefacts/?family=snap. i.e. a slash was added after artefacts and turned https to http.

Good point regarding import ordering. Didn't notice that. Perhaps the way ruff formats is different from isort. So when we switched to ruff it changed things. But thanks for the tip, I'll keep it in mind.
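The redirect discussed in this thread can be caught in a smoke test by inspecting each hop's `Location` header for an https to http switch. The following is an added example, not part of the PR or the project's code; the function names are hypothetical and the sample hop is constructed from the two URLs quoted above.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: the hop described in this thread, as
# (request URL, response status, Location header).
SAMPLE_CHAIN = [
    ("https://test-observer-api-staging.canonical.com/v1/artefacts?family=snap",
     307,
     "http://test-observer-api-staging.canonical.com/v1/artefacts/?family=snap"),
]

REDIRECT_CODES = {301, 302, 303, 307, 308}


def classify_hop(request_url, status, location):
    """Describe one redirect hop; return None if the response is not a redirect."""
    if status not in REDIRECT_CODES or not location:
        return None
    # Location may be relative, so resolve it against the request URL first.
    target = urljoin(request_url, location)
    src, dst = urlsplit(request_url), urlsplit(target)
    return {
        "from": request_url,
        "to": target,
        # An https page following this hop would end up fetching over plain http.
        "scheme_downgrade": src.scheme == "https" and dst.scheme == "http",
        "same_host": src.hostname == dst.hostname,
        # True when the only path difference is a trailing slash.
        "slash_only_path_change": src.path != dst.path
        and src.path.rstrip("/") == dst.path.rstrip("/"),
        "query_preserved": src.query == dst.query,
    }


def find_downgrades(chain):
    """Return the hops in a redirect chain that switch from https to http."""
    hops = (classify_hop(*hop) for hop in chain)
    return [h for h in hops if h and h["scheme_downgrade"]]


if __name__ == "__main__":
    for hit in find_downgrades(SAMPLE_CHAIN):
        print("scheme downgrade:", hit["from"], "->", hit["to"])
```

A hit with `same_host` and `slash_only_path_change` both true points at a server-generated trailing-slash redirect built with the wrong scheme, rather than at a link in the frontend.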

@omar-selo omar-selo merged commit 5944c53 into main Oct 25, 2023
5 checks passed
@omar-selo omar-selo deleted the fix/frontend-api-request-blocked branch October 25, 2023 11:27

2 participants