Bug #74126 Ajax SSL php.net -> secure.php.net preflight redirect
Submitted: 2017-02-19 08:07 UTC Modified: 2021-08-04 12:00 UTC
Votes:4
Avg. Score:4.5 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: alexhacker64 at gmail dot com Assigned: cmb (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
 [2017-02-19 08:07 UTC] alexhacker64 at gmail dot com
Description:
------------
https://secure.php.net does ajax requests to https://php.net including, but not limited to:

https://php.net/js/search-index.php?lang=...
https://php.net/manual/vote-note.php?id=...&page=...&vote=up
https://php.net/manual/vote-note.php?id=...&page=...&vote=down

which in preflight (OPTIONS) return a redirect to the corresponding https://secure.php.net/... addresses, which causes the following errors in the browser:

XMLHttpRequest cannot load https://php.net/.... Response for preflight is invalid (redirect)

Tested in latest Chrome and Firefox browsers.

Expected result:
----------------
Voting up and down on https://secure.php.net/ works, "dynamic" search works.

Actual result:
--------------
Voting up and down causes "Something went wrong :(" with the described error in the dev console, search does something only after submitting the query.

 [2018-08-18 15:21 UTC] pollita@php.net
I'm struggling to find any instance of XMLHttpRequest anywhere in the site's codebase.  Could you reference a specific page this happens on, perhaps with reproduce steps?

It's also possible someone's removed the XHR usage since this bug was originally posted.
 [2018-08-20 08:35 UTC] vrana@php.net
The AJAX request is at https://github.com/php/web-php/blob/c68a31e5/js/search.js#L263. The URL is domain-less but there's <base href> set at https://github.com/php/web-php/blob/8014ec80/include/header.inc#L105, which sets it to https://php.net at https://secure.php.net.
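
As an added illustration (not part of the original thread and not php.net's code), this simplified model of the browser's CORS rules shows how a domain-less URL resolved against the <base href> becomes cross-origin, and why a redirect in answer to the preflight fails. The sample page URL, the `lang=en` value, the `X-Requested-With` header and the 301 status are constructed assumptions.

```javascript
// Added illustration: simplified model of the Fetch/CORS rules, not php.net code.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Resolve a domain-less URL the way the browser does when <base href> is set.
function resolveRequest(pageUrl, baseHref, relativeUrl) {
  const target = new URL(relativeUrl, baseHref || pageUrl);
  return { target, crossOrigin: target.origin !== new URL(pageUrl).origin };
}

// A cross-origin request is preflighted when its method or a header is not safelisted.
function needsPreflight(crossOrigin, method, headers = {}) {
  if (!crossOrigin) return false;
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  return Object.entries(headers).some(([name, value]) => {
    const n = name.toLowerCase();
    if (n === "content-type") {
      return !SAFE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase());
    }
    return !SAFE_HEADERS.has(n);
  });
}

// The preflight must be answered directly with a 2xx that allows the page's origin;
// a 3xx is never followed, which is the "(redirect)" error quoted in the report.
function preflightVerdict(pageUrl, response) {
  if (response.status >= 300 && response.status < 400) return "fail: redirect";
  if (response.status < 200 || response.status > 299) return "fail: status";
  const allow = response.headers["access-control-allow-origin"];
  // "*" is only valid for requests sent without credentials (not modelled here).
  return allow === new URL(pageUrl).origin || allow === "*" ? "pass" : "fail: origin not allowed";
}

// Constructed sample: page on secure.php.net, <base href> pointing at php.net.
const page = "https://secure.php.net/manual/en/function.strlen.php";
const resolved = resolveRequest(page, "https://php.net/", "/js/search-index.php?lang=en");
console.log(resolved.target.href, "cross-origin:", resolved.crossOrigin);
console.log("preflight:", needsPreflight(resolved.crossOrigin, "GET", { "X-Requested-With": "XMLHttpRequest" }));
console.log(preflightVerdict(page, { status: 301, headers: { location: "https://secure.php.net/js/search-index.php?lang=en" } }));
```

With the <base href> matching the page's own origin the request stays same-origin and no preflight is sent at all.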
 [2018-08-20 09:08 UTC] vrana@php.net
There's no mirror for secure.php.net at https://master.php.net/manage/mirrors.php but there's a mirror for php.net which runs at the same host as secure.php.net. I'm not sure how but it seems that the script decides to use php.net as the mirror (maybe at https://github.com/php/web-php/blob/c68a31e5/include/site.inc#L531?).

We can try to add mirror secure.php.net but I'm scared to break something else. We can also special case it in the code.
 [2019-05-20 12:14 UTC] petk@php.net
I've requested to do a redirection to the main canonical URL instead, here: https://bugs.php.net/bug.php?id=78040

Once that gets done, this will be resolved with a simple redirection before the user even enters the secure.php.net documentation site.
 [2021-08-04 12:00 UTC] cmb@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: cmb
 [2021-08-04 12:00 UTC] cmb@php.net
There is no more secure.php.net, nor are there any mirrors
anymore, so this ticket is obsolete.
 
Last updated: Tue Mar 19 09:01:30 2024 UTC