Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 421488

Summary: [sites] Rethink site API
Product: [ECD] Orion Reporter: Mark Macdonald <mamacdon>
Component: ServerAssignee: Project Inbox <orion.server-inbox>
Status: RESOLVED WONTFIX QA Contact:
Severity: normal    
Priority: P3    
Version: 5.0   
Target Milestone: ---   
Hardware: PC   
OS: Windows 7   
Whiteboard:

Description Mark Macdonald CLA 2013-11-11 17:15:22 EST 
The REST API used for sites is too complex for our typical needs. The 'mappings' table basically describes a freeform mapping of site paths to workspace resources or URLs. It is flexible, but hard to author and validate. It should be more restrictive and tailored to specific use cases.

I.e. for a given remote path, there are basically 3 actions the server can take:

  i). Serve up a resource from the workspace.
This is the typical case for testing simple static websites, and doing plugin development.

 ii). Take some action by invoking one of the Orion rest APIs.
This case is important for self-hosting. Requests are handled by sending the request to a servlet. For example, saving a file invokes the /file API, Git operations are handled by /git, etc. Some rewriting of URLs is also involved, so that resource locations referring to the "outer" server appear to be located on the hosted site instead.

iii). Act as a proxy for a remote resource.
This is rarely used. For example, a remote service like http://google.com/search?q={...} could be proxied as http://[some orion site]/googleSearch, allowing scripts to POST to it without violating the same origin policy.


Currently case (ii) is implemented on top of (iii): forwarding a request to a servlet at /{api} is achieved by proxying it to "http://localhost:xxxx/{api}", where 'xxxx' is the port the server is listening on. It's basically a hack for the server to talk to itself. This is brittle, and requires exposing an internal port to the user, which they should never see.

I propose a simpler site API with explicit support for (i) and (ii), and support for (iii) removed entirely.
Comment 1 Mark Macdonald CLA 2014-01-24 10:54:49 EST 
(In reply to Mark Macdonald from comment #0)
> Currently case (ii) is implemented on top of (iii): forwarding a request to
> a servlet at /{api} is achieved by proxying it to
> "http://localhost:xxxx/{api}", where 'xxxx' is the port the server is
> listening on. It's basically a hack for the server to talk to itself. This
> is brittle, and requires exposing an internal port to the user, which they
> should never see.

Per bug 421695 this is not quite true anymore: case (ii) is handled by forwarding requests within the servlet container. A URL with hostname "localhost" is considered an alias for the container itself. The scheme and port number (if provided) don't matter.

The current state is sort of a partial solution pending a site API rewrite, which will hopefully provide a conceptual separation between case (ii) and (i).
Comment 2 John Arthorne CLA 2015-05-05 16:19:42 EDT 
Closing as part of a mass clean up of inactive bugs. Please reopen if this problem still occurs or is relevant to you. For more details see:


https://dev.eclipse.org/mhonarc/lists/orion-dev/msg03444.html