[tor-bugs] #27836 [Internal Services/Service - trac]: RSS feed https authentication
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 23 23:21:00 UTC 2018
#27836: RSS feed https authentication
--------------------------------------------------+-----------------
Reporter: atagar | Owner: qbi
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Service - trac | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------------+-----------------
Hi trac admins. I maintain the r2e feed that provides our tor-wiki-
changes@ list [1]. Its been broken for a while and today I spent a few
hours digging into why.
This list relies on trac's RSS feed [2]. Https looks to be broken on it.
In particular...
* **Firefox** can view the feed, but unlike other trac pages indicates the
site is insecure ('Page Info > Security' says the page is unencrypted and
lacks any certificate).
* **Curl** responds with a 403...
{{{
% curl -s
'https://trac.torproject.org/projects/tor/timeline?wiki=on&format=rss' |
grep 'Forbidden'
Error: Forbidden – Tor Bug Tracker & Wiki
<h1>Error: Forbidden</h1>
}}}
* **Python's urllib** (which is what r2e uses) fails with a 403 as well.
It can access other trac pages...
{{{
import urllib.request
request = urllib.request.Request('https://trac.torproject.org/')
}}}
... but the feed fails with...
{{{
import urllib.request
request =
urllib.request.Request('https://trac.torproject.org/projects/tor/timeline?wiki=on&format=rss')
}}}
{{{
% python3 scrap.py
Traceback (most recent call last):
File "scrap.py", line 4, in <module>
urllib.request.urlopen(request)
File "/usr/lib/python3.6/urllib/request.py", line 223, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.6/urllib/request.py", line 532, in open
response = meth(req, response)
File "/usr/lib/python3.6/urllib/request.py", line 642, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib/python3.6/urllib/request.py", line 570, in error
return self._call_chain(*args)
File "/usr/lib/python3.6/urllib/request.py", line 504, in _call_chain
result = func(*args)
File "/usr/lib/python3.6/urllib/request.py", line 650, in
http_error_default
raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 403: Forbidden
}}}
At this point I'm pretty stumped. Something's broken with the feed and I'm
unsure how to work around it. We don't care about encryption on these
requests so if providing a plain http feed is easier than fixing this then
happy to go with that too (presently http is a 302 to https).
Thanks!
[1] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-wiki-changes
[2] https://trac.torproject.org/projects/tor/timeline?wiki=on&format=rss
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27836>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list