@alexiscolin alexiscolin commented Dec 11, 2025

Added normalizeRemoteURL() function in main.go to ensure the remote URL has a valid HTTP(S) protocol before being used by the frontend and CSP.

  • tcp:// is converted to http:// (RPC uses HTTP over TCP)
  • Missing protocol defaults to http:// (local)
  • http:// and https:// are kept as-is
  • Updated SecureHeadersMiddleware to use the normalized URL for CSP connect-src
  • This prevents malformed URLs (e.g., http://https://...) and allows users to use -remote tcp://... seamlessly.

Note: The root cause may be a misconfigured remote value in production (e.g., missing the : in https://). This fix handles the symptom, but the remote URL configuration might also be verified just in case.
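
The normalization rules listed in the description above, written out as an added example; this is not code from the pull request or from gnoweb. The names `normalizeRemote` and `connectSrc`, the `'self'` source in the directive, and the choice to reject mangled values (instead of repairing them) are assumptions, and only the scheme and host:port are kept because that is what a CSP source needs.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// normalizeRemote is a hypothetical helper (not gnoweb's normalizeRemoteURL)
// that applies the PR description's rules and returns an http(s) origin.
func normalizeRemote(remote string) (string, error) {
	scheme, rest, found := strings.Cut(strings.TrimSpace(remote), "://")
	if !found { // bare host:port, which url.Parse alone would reject
		scheme, rest = "http", scheme
	}
	switch strings.ToLower(scheme) {
	case "tcp", "http":
		scheme = "http"
	case "https":
		scheme = "https"
	default:
		return "", fmt.Errorf("unsupported scheme %q", scheme)
	}
	u, err := url.Parse(scheme + "://" + rest)
	if err != nil || u.Hostname() == "" {
		return "", fmt.Errorf("invalid remote %q", remote)
	}
	// A host that is itself a scheme name means a mangled value such as
	// "http://https://..." or "https//..." (colon missing).
	switch strings.ToLower(u.Hostname()) {
	case "http", "https", "tcp":
		return "", fmt.Errorf("malformed remote %q", remote)
	}
	if strings.ContainsAny(u.Host, ";,") { // would split the CSP header
		return "", fmt.Errorf("remote %q is not a valid CSP source", remote)
	}
	return scheme + "://" + u.Host, nil
}

// connectSrc builds a constructed directive from the normalized origin.
func connectSrc(remote string) (string, error) {
	origin, err := normalizeRemote(remote)
	if err != nil {
		return "", err
	}
	return "connect-src 'self' " + origin, nil
}

func main() { fmt.Println(connectSrc("tcp://127.0.0.1:26657")) }
```

Feeding the same normalized value to both the frontend and the CSP keeps the two from disagreeing about where the browser may connect.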

@github-actions github-actions bot added 📦 ⛰️ gno.land Issues or PRs gno.land package related 🌍 gnoweb Issues & PRs related to gnoweb and render labels Dec 11, 2025
@Gno2D2 Gno2D2 requested a review from gfanton December 11, 2025 04:52

Gno2D2 commented Dec 11, 2025

🛠 PR Checks Summary

🔴 Changes related to gnoweb must be reviewed by its codeowners

Manual Checks (for Reviewers):
  • IGNORE the bot requirements for this PR (force green CI check)

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

🟢 Maintainers must be able to edit this pull request (more info)
🔴 Changes related to gnoweb must be reviewed by its codeowners

☑️ Contributor Actions:
  1. Fix any issues flagged by automated checks.
  2. Follow the Contributor Checklist to ensure your PR is ready for review.
    • Add new tests, or document why they are unnecessary.
    • Provide clear examples/screenshots, if necessary.
    • Update documentation, if required.
    • Ensure no breaking changes, or include BREAKING CHANGE notes.
    • Link related issues/PRs, where applicable.
☑️ Reviewer Actions:
  1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.
📚 Resources:
Debug
Automated Checks
Maintainers must be able to edit this pull request (more info)

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 The pull request was created from a fork (head branch repo: alexiscolin/gno)

Then

🟢 Requirement satisfied
└── 🟢 Maintainer can modify this pull request

Changes related to gnoweb must be reviewed by its codeowners

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 A changed file matches this pattern: ^gno.land/pkg/gnoweb/ (filename: gno.land/pkg/gnoweb/frontend/js/controller-action-function.ts)

Then

🔴 Requirement not satisfied
└── 🔴 Or
    ├── 🔴 Or
    │   ├── 🔴 And
    │   │   ├── 🟢 Pull request author is user: alexiscolin
    │   │   └── 🔴 This user reviewed pull request: gfanton (with state "APPROVED")
    │   └── 🔴 And
    │       ├── 🔴 Pull request author is user: gfanton
    │       └── 🔴 This user reviewed pull request: alexiscolin (with state "APPROVED")
    └── 🔴 And
        ├── 🔴 Not (🟢 Pull request author is user: alexiscolin)
        ├── 🟢 Not (🔴 Pull request author is user: gfanton)
        └── 🔴 Or
            ├── 🔴 This user reviewed pull request: alexiscolin (with state "APPROVED")
            └── 🔴 This user reviewed pull request: gfanton (with state "APPROVED")

Manual Checks
**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

  • Any user with comment edit permission


codecov bot commented Dec 11, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.


@alexiscolin alexiscolin requested a review from jefft0 December 11, 2025 10:14
// - tcp:// is converted to http:// (RPC over HTTP)
// - No protocol defaults to http://
private _normalizeRemoteUrl(url: string): string {
if (url.startsWith("tcp://")) return url.replace("tcp://", "http://");
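
Review bot: the prefix test in `if (url.startsWith("tcp://"))` is case-sensitive and runs on the raw string, so a value such as `TCP://127.0.0.1:26657`, or one with leading whitespace, skips this branch and reaches the "No protocol defaults to http://" rule described in the comment above it. If that rule simply prepends `http://`, the result is `http://TCP://...`, the malformed shape this change is meant to prevent. Consider trimming the input and comparing the scheme case-insensitively (or parsing the value and switching on its protocol), and add a test for an input that already contains `://` with an unrecognised scheme.
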
Contributor

If we change tcp://127.0.0.1:26657 to http://127.0.0.1:26657, then we also need to change it here when we set the CSP for connect-src:

Contributor

... probably for other changes to the remote string, but I can't test them locally.

Contributor

... In fact, maybe it's better to correct the cfg.remote URL much earlier before it is used, like here:

appcfg.NodeRemote = cfg.remote

Member Author

Thanks @jefft0! You are right, this will keep the JS fetch clean too. I updated the PR to normalize the URL at the Go level instead.

Contributor

@jefft0 jefft0 left a comment

Tested locally with

gnoweb
gnoweb -remote 127.0.0.1:26657
gnoweb -remote http://127.0.0.1:26657
gnoweb -remote tcp://127.0.0.1:26657

@Kouteki Kouteki moved this from Triage to In Review in 🧙‍♂️Gno.land development Dec 12, 2025