Server no longer starts after setting base_url in tdiary.conf #1151

Open
eniehack opened this issue May 12, 2024 · 1 comment
@eniehack

Describe the bug

I set tDiary up with Rack so that it would run when accessed under a subdirectory such as https://example.com/~example/diary, and when I ran it, the following error was displayed and startup failed.

/var/www/diary/vendor/bundle/ruby/3.1.0/gems/tdiary-5.2.3/lib/tdiary/application.rb:81:in `base_dir': undefined method `empty?' for nil:NilClass (NoMethodError)

                        if base_url.empty?
                                   ^^^^^^^
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/tdiary-5.2.3/lib/tdiary/application.rb:24:in `initialize'
        from /var/www/diary/config.ru:5:in `new'
        from /var/www/diary/config.ru:5:in `block in <main>'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/builder.rb:116:in `eval'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/builder.rb:116:in `new_from_string'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/builder.rb:105:in `load_file'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/builder.rb:66:in `parse_file'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/server.rb:349:in `build_app_and_options_from_config'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/server.rb:249:in `app'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/server.rb:422:in `wrapped_app'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/server.rb:312:in `block in start'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/server.rb:379:in `handle_profiling'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/server.rb:311:in `start'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/rack-2.2.4/lib/rack/server.rb:168:in `start'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/tdiary-5.2.3/lib/tdiary/cli.rb:129:in `server'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/thor-1.2.1/lib/thor/command.rb:27:in `run'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/thor-1.2.1/lib/thor/invocation.rb:127:in `invoke_command'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/thor-1.2.1/lib/thor.rb:392:in `dispatch'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/thor-1.2.1/lib/thor/base.rb:485:in `start'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/gems/tdiary-5.2.3/bin/tdiary:7:in `<top (required)>'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/bin/tdiary:25:in `load'
        from /var/www/diary/vendor/bundle/ruby/3.1.0/bin/tdiary:25:in `<main>'

Note that the directories, domain, and so on have been changed from the real ones.

To Reproduce
Steps to reproduce the behavior:

  1. gem install tdiary
  2. tdiary new diary && cd diary
  3. vim Gemfile.local (pin the tdiary version to 5.2.3)
  4. bundle install
  5. cp tdiary.conf.beginner tdiary.conf
  6. echo -e "def base_url\n'https://example.com/~example/diary'\nend\n" >> tdiary.conf
  7. bundle exec tdiary server

Expected behavior
A clear and concise description of what you expected to happen.

  • The server starts

Environment
  • OS: Debian 12 Bookworm
  • Browser: Firefox
  • tDiary Version: 5.2.3
  • Ruby: 3.1.2

Additional context

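When I ran it without setting base_url in tdiary.conf, the server itself started but CSRF-related errors came back, so I set base_url as described above and ran it, and it no longer started. When I ran it without writing base_url to tdiary.conf, I confirmed that the server starts, but updating the settings from https://example.com/~example/diary/update.rb?conf=default fails. Checking the network monitor in the browser's developer tools (the ones opened with the F12 key), the ajax request returns Internal Server Error, and its response body shows the following CSRF-related message, like the one at https://tdiary.org/20050721.html.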

Diagnostics:
    - Protection Method is 1
    - Mode is saveconf
        - GET is not allowed
    - Request Method is POST
    - Referer is another page
        - Given referer:       https://example.com/~example/diary/update.rb
        - Expected base URI:   https://example.com/
        - Expected update URI: https://example.com/update.rb
    - CSRF key is nothing
@eniehack eniehack added the bug label May 12, 2024
@eniehack eniehack changed the title "Server no longer starts after setting base_url in tdiary.con" to "Server no longer starts after setting base_url in tdiary.conf" May 19, 2024
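
The Diagnostics output in the report compares the request's Referer with an expected base URI and update URI. The following Ruby example is added here for illustration and is neither tDiary's code nor part of the issue; it reproduces that comparison with the report's placeholder values. The helper names and the rule that the update URI is the base URI plus `update.rb` are assumptions.

```ruby
require 'uri'

# Constructed sample values, using the placeholders from the report.
REQUEST_URL = 'https://example.com/~example/diary/update.rb'
REFERER     = 'https://example.com/~example/diary/update.rb?conf=default'
BASE_URL    = 'https://example.com/~example/diary'

def port_suffix(uri)
  uri.port == uri.default_port ? '' : ":#{uri.port}"
end

# Hypothetical helper (not tDiary's API): URIs a Referer check would expect.
# A nil or empty base_url falls back to scheme and host of the request,
# which drops any sub-path the application is served under.
def expected_uris(base_url, request_url)
  base = base_url.to_s.strip # nil-safe: nil.to_s is ""
  if base.empty?
    req = URI.parse(request_url)
    base = "#{req.scheme}://#{req.host}#{port_suffix(req)}/"
  end
  base += '/' unless base.end_with?('/')
  { base: base, update: "#{base}update.rb" }
end

# Hypothetical check: the Referer must equal the base or update URI on
# scheme, host, port and path (query string ignored). Exact comparison,
# not a prefix match, so a look-alike host cannot pass.
def referer_check(referer, base_url, request_url)
  expected = expected_uris(base_url, request_url)
  return expected.merge(ok: false, reason: 'no referer') if referer.to_s.empty?

  ref = URI.parse(referer)
  given = "#{ref.scheme}://#{ref.host}#{port_suffix(ref)}#{ref.path}"
  ok = expected.values.include?(given)
  expected.merge(ok: ok, given: given,
                 reason: ok ? 'referer matches' : 'referer is another page')
rescue URI::InvalidURIError
  { ok: false, reason: 'unparsable referer' }
end

if __FILE__ == $PROGRAM_NAME
  [nil, BASE_URL].each do |configured|
    r = referer_check(REFERER, configured, REQUEST_URL)
    puts "base_url=#{configured.inspect}: #{r[:reason]} (expected #{r[:update]})"
  end
end
```
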
@hsbt
Member

hsbt commented May 24, 2024

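Sorry for the late reply 🙏 First of all, thank you for the report.

I haven't yet been able to verify this using the reproduction steps, so I'll start investigating from there.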
