referer URL parsing should ignore 'show_me_another' string

[boonebgorges]

Copying from https://openlab.citytech.cuny.edu/groups/openlab-webwork-integration-project/forum/topic/new-issue/:

===

Sorry to add to the complications, but I have been encouraging faculty to enable the “Show Me Another” feature of WeBWorK this semester. (It wasn’t working properly before, but I’ve sorted out the underlying conditional logic now.) The Show Me Another feature allows students to practice on un-graded, re-randomized versions of any problem.

I have a student who has submitted a question from a “Show Me Another” problem https://openlab.citytech.cuny.edu/ol-webwork/#:problemId=local/QuadraticFormula/two-real-NS.pg:questionId=975

It seems that OL-WW is identifying these questions as coming from course: “show_me_another” and professor: “show_me_another”, thought it correctly identified the problem set as QuadraticFormula…

Is this because the referring URL is being parsed from the tail end, rather than from the beginning? (because the only thing that has changed about the URL is the inclusion of “show_me_another” between the professorSection/problemSet/problemNumber/ and the authentication data…) referring URL: http://mathww.citytech.cuny.edu/webwork2/MAT1275EN-S18-Parker/AC-Method/6/show_me_another/?user=admin&key…

[boonebgorges]

Is this because the referring URL is being parsed from the tail end, rather than from the beginning?

Essentially, yes. https://github.com/livinglab/webwork-for-wordpress/blob/6c42c0243971e7ffd9fdc780accc62b0765b2802/classes/Server.php#L218

I feel like I did it this way originally to account for some difference between the production site URL and the URL of the testing site, but I'll have to dig back through the code to see. In any case, it shouldn't be a problem to fix the logic.

Once this is done, I'll scan the existing content to see if there's a large amount of stuff that needs cleaning up. The original referer URL is stored with each question, so it should be possible to regenerate this information.

cc @drdrew42 as an FYI

[boonebgorges]

This has been fixed in the codebase, and the instances on the production site have been cleaned up.

@drdrew42 Is it easy for you to create a problem on the WW-Dev server that has a show_me_another URL? This would make it possible for the team to test. Otherwise you'll have to take my word for it that it's fixed (I've tested locally).

[drdrew42]

The show me another feature has now been enabled in WW-Dev.

[bree-z]

I think this is working, but just to verify here are the URLs for the problem I was testing with:

WW-Dev problem URL: http://mathww.citytech.cuny.edu/webwork2/WW-Dev/CoordinatePlaneTrig/5/show_me_another/?key=pu5cqsAaYd3fHfE8ITES5UUCXFyPwTAF&effectiveUser=student1&user=student1 URL with user key: http://openlabdev.org/webwork-playground/?post_data_key=webwork_post_data_4055b3b1e983204c0d894578b679f615#:problemId=local/CoordinatePlaneTrig/ratio-inequality-xyr-other.pg URL after question is posted:http://openlabdev.org/webwork-playground/#:problemId=local/CoordinatePlaneTrig/ratio-inequality-xyr-other.pg

Thanks!

[boonebgorges]

This looks good to me, @bree-z. The key thing you'll see in the interface is that the Course/Section info is correct (as opposed to 'show_me_another'). See screenshot:

If this is confirmed, I think this ticket's ready to close.

[bree-z]

Aha, thanks. I actually don't see any course/section or other info in the bottom corner.

WW URL: http://mathww.citytech.cuny.edu/webwork2/WW-Dev/CoordinatePlaneTrig/3/show_me_another/?user=student1&key=7UdrBsxzdqTYKRQvlD9KaLT9DXUNSQeY&effectiveUser=student1 Problem URL: http://openlabdev.org/webwork-playground/#:problemId=local/CoordinatePlaneTrig/identify-quadrant.pg#:problemId=local/CoordinatePlaneTrig/identify-quadrant.pg

[bree-z]

Oh, wait, sorry, maybe I was looking in the wrong place. Here's what it looks like from the homepage, where the problem set appears, but no course info:

[boonebgorges]

Hmm... I just tested and it's working properly for me.

(coming from http://mathww.citytech.cuny.edu/webwork2/WW-Dev/CoordinatePlaneTrig/1/?key=i58zyGuEQXdIOj59iUimPVlnule0c2pD&effectiveUser=bgorges&user=bgorges, though I also tried with Problem 3 and it's working there too)

[bree-z]

Sorry if I'm doing something wrong, but I'm still not seeing the course info. Here are the steps I'm following (I tried with a student account and an admin account and go the same result):

1. I go to this question: http://mathww.citytech.cuny.edu/webwork2/WW-Dev/CoordinatePlaneTrig/1/?user=bzuckerman&effectiveUser=bzuckerman&key=88I5zUQVRA5hm75EfuOZeTWkKbFJo8gJ

2. I click the "Show me Another" button so I'm now on this question: http://mathww.citytech.cuny.edu/webwork2/WW-Dev/CoordinatePlaneTrig/1/show_me_another/?key=88I5zUQVRA5hm75EfuOZeTWkKbFJo8gJ&effectiveUser=bzuckerman&user=bzuckerman

3. I click "Ask for Help" and I ask my question on the OLdev WW site: http://openlabdev.org/webwork-playground/#:problemId=local/CoordinatePlaneTrig/six-trig-point-q1.pg#:problemId=local/CoordinatePlaneTrig/six-trig-point-q1.pg

Here's what I see:

And then if I go to the homepage, here's what I see:

[bree-z]

Could it be a Firefox problem? I noticed that I was seeing the same lack of course information even when I wasn't on an "Ask me another" question. So, I tested in Chrome and got all the course/question info. But when I use Firefox I don't. I tried manually clearing all browser data and restarted FF, but I still see the same thing.

Here's the same question asked in Chrome and FF:

Question URL: http://mathww.citytech.cuny.edu/webwork2/WW-Dev/CoordinatePlaneTrig/1/show_me_another/?effectiveUser=bzuckerman&user=bzuckerman&key=Qmherzf2ruvdcEkO97hUtM58NoYgVx0L

Thanks!

[boonebgorges]

@bree-z Ah, interesting theory. But I just tested with Firefox and course information was parsed as expected.

I also did some testing to see if this had to do with the login redirect (initiating the Ask while logged out on the OL), but that doesn't seem to make a difference on my end either.

Shot in the dark, but maybe you're running some FF extension that's causing the information not to be parsed correctly? Is course information being parsed properly in the case of regular WW questions on this installation of FF (ie, those that are not Show Me Another)? It's possible - though I'm unsure what the details might look like - that a privacy-related extension or something like that might alter referer URLs in transit, which would affect the way that OL-WW parses out the course data.

I've just put some debug code in place on openlabdev.org that will collect some information at the time that the 'Ask For Help' clicks are processed. When you get a moment, would you run another test? Take careful note of the time, so that I can easily match against the logs.

[bree-z]

Thanks, Boone. Course information was not being parsed properly in the case of regular WW questions (non-Show Me Another questions).

I just went to test now though and when I ask a question from WW-Dev, the OL WW site doesn't open, I just end up the homepage of openlabdev.org. I tried a few different ways -- not logged in, logged in in another tab, and logged in and also with the OL WW site open in another tab, and each time, asking a question takes me to the openlabdev.org homepage. E.g.:

WW URL: http://mathww.citytech.cuny.edu/webwork2/WW-Dev/CoordinatePlaneTrig/5/?user=student1&key=U2q9lPxcq8qGcVq36Re2yHsbCon0zutE&effectiveUser=student1

OLdev URL: http://openlabdev.org/?post_data_key=webwork_post_data_268fe7000430e5f5f55a81e6722bd564#:problemId=local/CoordinatePlaneTrig/ratio-inequality-xyr-other.pg#:problemId=local/CoordinatePlaneTrig/ratio-inequality-xyr-other.pg

Thanks!

[bree-z]

Also, in case it's helpful, I don't have any privacy extensions activated. The only add-ons I have are Cisco WebEx and Nimbus Screen Capture.

[boonebgorges]

Thanks. This is also probably a remnant of the config change.

@drdrew42 Could you please make sure that the WWDev configuration is set so that Ask For Help is sent to http://openlabdev.org/webwork-playground/?webwork=1? Currently I believe the webwork-playground part of the URL is absent.

[bree-z]

Just pinging this again, since we can't test the WeBWorK-OL interface. @drdrew42 could you take a look at the WWDev configuration when you get a chance?

Thanks!

[drdrew42]

Sorry I missed this - there have been quite a few github emails to parse through. This one fell through the cracks. Is it working with WW-Dev as expected?

[boonebgorges]

Looks like it's working properly - Bree should confirm!

[bree-z]

Thanks @drdrew42 ! It's working with WW-Dev, but not with http://mathww.citytech.cuny.edu/webwork2/MAT9999-S17-Zuck .

Thanks!

[bree-z]

And for @boonebgorges debugging:

I still see the same lack of Course/Section info for the question.

WW-Dev URL (clicked Ask for Help at 4:11am EDT): http://mathww.citytech.cuny.edu/webwork2/WW-Dev/ParabolaVertices-VertexFormula/2/?key=QRoj4pi4PsMEXQA3cnYI69PU0rvkY7du&user=student1&effectiveUser=student1

OL-WW URL (posted question at 4:12am EDT): http://openlabdev.org/webwork-playground/#:problemId=local/ParabolaVertices-VertexFormula/vertex-formula-fractions.pg:questionId=11741

[boonebgorges]

Thanks, Bree. Unfortunately, the debugging didn't catch anything interesting - from what I see in the logs, it should've worked. I'm also still unable to reproduce.

I've just put a bit more debugging in place. When you get a chance, please try again, and pass along the timestamps.

If anyone else could confirm that this problem exists or does not exist - with a different user, different computer, different browser, etc - it would provide helpful data points.

[bree-z]

Sure @boonebgorges . Here's a new one:

WW-Dev URL (around 10:35 or 10:36 am EDT): http://mathww.citytech.cuny.edu/webwork2/WW-Dev/ZeroProductProperty/2/?user=bzuckerman&key=E7WydlqdRqfmTaczHNXExXb3OE1q2Zt9&effectiveUser=bzuckerman

OLdev URL (around 10:38am): http://openlabdev.org/webwork-playground/?post_data_key=webwork_post_data_3777f35e9672efc2bf218bc62acaf585#:problemId=local/setZeroProductProperty/ZPP-binomials.pg

@moui72 could you see if you can reproduce this issue? (The problem is actually different from the title of the ticket. When I ask a question from WW-Dev in Firefox, the Course/Section information doesn't appear. Chrome is fine. If you want to read through the previous comments, I think you can start from here: https://github.com/livinglab/webwork-for-wordpress/issues/111#issuecomment-392454017 ) Thanks!

[boonebgorges]

Thanks for bearing with me, @bree-z. This round of testing suggested that Firefox is stripping the path off of the HTTP_REFERER header when redirecting to OL-WW. When I googled that hunch, I got this: https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/

Are you by chance using a private window when you test in FF?

[bree-z]

Thanks for bearing with me and my Firefox privacy settings! That appears to have done the trick! I just posted a question with all the correct Course and Section info.

[boonebgorges]

Got it. I think this means that no further action is needed - if this is only something that crops up in private mode, I don't think we need to spend the time to work around it. (For the record, I don't have a clear sense of what the workarounds would be.)

[boonebgorges]

Sounds like this is resolved.