404 detection broken, causing application crashes (500 Internal Server Error)
stomar opened this issue · 6 comments
The detection of missing files is broken. Every path that is only part of an existing path is assumed to be valid, which leads to application crashes because the corresponding file can not be found.
$ curl -I https://www.ruby-lang.org/en/downloads
# -> 302 Found: ok (existing path)
$ curl -I https://www.ruby-lang.org/down
# -> 500 Internal Server Error: WRONG (should be 404)
# non-existing path that is part of an existing one
$ curl -I https://www.ruby-lang.org/dOWn
# -> 404 Not Found: ok (non-existing path)
The bug is caused by lib/rack/jekyll.rb lines 67 and following:
@files = ::Dir[@path + "/**/*"].inspect if @files == "[]"
if @files.include?(path_info)
# tries to open file -> Errno::ENOENT: No such file or directory @ rb_sysopen
else
# handles 404's
endThis checks whether the request path is part of a string that contains all filenames in the _site dir!
The test doesn't work properly and assumes that paths are valid in many cases where it shouldn't.
Is there a way to patch this bug manually on Heroku until the fix is on the main branch?
You mean generally? Sure:
fork the repo and create a branch that fixes the bug; then specify your repo and branch in the Gemfile,
see https://github.com/ruby/www.ruby-lang.org/blob/master/Gemfile#L8 for an example:
gem 'rack-jekyll', '0.4.1', github: 'stomar/rack-jekyll', ref: 'allow-jekyll-2'(My fork fixes a different problem of rack-jekyll, though, and might be removed anytime we find a better solution, so do not use it.)
PS. It seems maintenance of rack-jekyll is rather dead, so I don't expect a quick fix.
Update: This is now WIP targeted for the next release.