Closed ignacio closed 9 years ago
@leafo, we will push a new LR release today or tomorrow with the config update, but that won't help current users. @Tieske sent a pull requset pinging @brunoos about the LuaSec issue (which affects LR users at large, not only for upload), but that PR needs updated support from @diegonehab's LuaSocket as well (so fixing those libraries and getting updated releases will probably take a while).
While we tweak things at the LR end, is it somehow possible to make the old upload URL function without redirects, so that things don't break for users of existing versions?
I didn't investigate any further, but my LuaSec install (including the redirect fix) gave me an error about an unsafe redirect, from https to http. Which my patch doesn't allow by default (and which LuaRocks should also not allow anyway).
So some testing needs to be done here.
Hi @leafo. I saw you commited this change but it seems that is not enough.
A permanent redirect (301) is issued, but curl, upon receiving a 301 from the server, performs a GET instead of a POST. According to curl's manual:
When curl follows a redirect and the request is not a plain GET (for example POST or PUT), it will do the following request with a GET if the HTTP response was 301, 302, or 303. If the response code was any other 3xx code, curl will re-send the following request using the same unmodified method.
So maybe issuing a temporary redirect (307) is the safe bet for now?
I removed the redirect entirely for any /api calls. Didn't get a chance to deploy (or push). Will do in a moment.
Thanks @leafo I can confirm that uploading is working with the old url, both with luasec and curl.
Awesome, thanks for checking.
Hi. It seems that after a97b17970756341fd0bf9a998aa45d027329a234 uploading rocks began to fail.
Note: I have LuaSec installed. After removing it, it goes back to using 'curl', which goes a little further but fails at the end.
The only way to fix the upload is to edit
upload_config.lua
file and change the server line toserver = "https://luarocks.org"