New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/website: Download redirection for GPG signature files does not work #35717
Comments
I've opened golang/website#6 which adds the redirection for GPG signature files and resolves this issue. I don't understand why the odd response is returned, as far as I can see the matching case is this: I can only reproduce this with files starting with
But in this case so the location header should not be set here: I'll stop here, I've found no way to run this server locally. |
Change https://golang.org/cl/208158 mentions this issue: |
@dmitshur do you think it's worth investigating the odd behavior I discovered? I can create new issue for that if needed. |
Fixes golang/go#35717 Change-Id: I6d063fb1d6c33b60a7bcf34cda832011a2fc120d GitHub-Last-Rev: 9706ecb20d608d8688f4cf5dfea81c59ba718f6c GitHub-Pull-Request: golang/website#6 Reviewed-on: https://go-review.googlesource.com/c/website/+/208158 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I've tried to download the GPG signature files for Go and discovered some odd behavior:
Go releases can be downloaded by accessing e.g. https://golang.org/dl/go1.13.4.src.tar.gz. There's a redirect to https://dl.google.com/go/go1.13.4.src.tar.gz:
So I can just use
curl -L
orwget
to download the release:This does not work for the GPG signature files:
The server's response for a signature is a bit odd:
There's a
location
header which is ignored by browsers because the status code is 200, but browsers will honor themeta
tag and redirect tohttps://golang.org/dl/
.The signature file can be accessed here though:
What did you expect to see?
The URL https://golang.org/dl/go1.13.4.src.tar.gz.asc should redirect to https://dl.google.com/go/go1.13.4.tar.gz.asc as for the normal releases.
What did you see instead?
The server returns an odd result with a status code of 200 and a
location
header.The text was updated successfully, but these errors were encountered: