Bug: dillo fails to follow the redirects and reach the webpage
Hi i setup my RSS feeder to use dillo, but i found that dillo cant open the request pages for many feeds... example: http://feedproxy.google.com/~r/Phoronix/~3/TPVKpXMovJ8/vr.php Looks like dillo sees the first redirect, but dont really follow it to see the next redirect... yet i see it follow other redirects just fine... If i pick the redirect url and give it to dillo, it opens the page just fine. So i would say that dillo fails to follow 2 or more redirects. Thanks for dillo and for the help higuita -- Naturally the common people don't want war... but after all it is the leaders of a country who determine the policy, and it is always a simple matter to drag the people along, whether it is a democracy, or a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in every country. -- Hermann Goering, Nazi and war criminal, 1883-1946
Try adding this to your dillorc: filter_auto_requests=allow_all The default is not to allow automatic requests (such as redirects) unless they're from the same domain. Frankly I think this is a stupid default, because even though it's a little more secure, it also breaks most real world sites. Then again, there's probably a reason I'm not a Dillo dev... Cheers, ~Benjamin On Mon, 28 Feb 2011 20:53:57 -0500, higuita <higuita7@yahoo.co.uk> wrote:
Hi i setup my RSS feeder to use dillo, but i found that dillo cant open the request pages for many feeds... example:
http://feedproxy.google.com/~r/Phoronix/~3/TPVKpXMovJ8/vr.php
Looks like dillo sees the first redirect, but dont really follow it to see the next redirect... yet i see it follow other redirects just fine...
If i pick the redirect url and give it to dillo, it opens the page just fine. So i would say that dillo fails to follow 2 or more redirects.
Thanks for dillo and for the help higuita
Benjamin Johnson wrote:
The default is not to allow automatic requests (such as redirects) unless they're from the same domain. Frankly I think this is a stupid default, because even though it's a little more secure, it also breaks most real world sites.
I agree. The default even breaks Google. No doubt the security concerns are real but we need a solution that is not so bad for usability. Does anyone know if other browsers take similar precautions, and what their algorithm is? Regards, Jeremy Henty
On Tue, 01 Mar 2011 03:14:01 -0500, Jeremy Henty <onepoint@starurchin.org> wrote:
Benjamin Johnson wrote:
The default is not to allow automatic requests (such as redirects) unless they're from the same domain. Frankly I think this is a stupid default, because even though it's a little more secure, it also breaks most real world sites.
I agree. The default even breaks Google. No doubt the security concerns are real but we need a solution that is not so bad for usability. Does anyone know if other browsers take similar precautions, and what their algorithm is?
Regards,
Jeremy Henty
Opera has Tools -> Preferences -> Advanced -> Network -> Enable automatic redirection, which looks to be the same as the dillorc option, but enabled by default. There's no special algorithm, as far as I know. Regards, ~Benjamin
On Tue, Mar 01, 2011 at 08:14:01AM +0000, Jeremy Henty wrote:
Benjamin Johnson wrote:
The default is not to allow automatic requests (such as redirects) unless they're from the same domain. Frankly I think this is a stupid default, because even though it's a little more secure, it also breaks most real world sites.
I agree. The default even breaks Google. No doubt the security concerns are real but we need a solution that is not so bad for usability. Does anyone know if other browsers take similar precautions, and what their algorithm is?
I think the security concern is real - see e.g. here: http://www.owasp.org/index.php/CSRF But I would be happy if someone would come up with some more sophisticated security measures that would allow us be more compatible with common websites by default. Maybe something as described in http://www.owasp.org/index.php/File:RequestRodeo-MartinJohns.pdf Not sure whether this is still state of the art, but it sounds at least reasonable. Cheers, Johannes
participants (4)
-
higuita7@yahoo.co.uk -
Johannes.Hofmann@gmx.de -
obeythepenguin@gmail.com -
onepoint@starurchin.org