public inbox for gcc-patches@gcc.gnu.org
From: "Martin Liška" <mliska@suse.cz>
To: Gerald Pfeifer <gerald@pfeifer.com>
Cc: gcc-patches@gcc.gnu.org
Subject: Re: [DOCS] sphinx: use new Sphinx links
Date: Thu, 10 Nov 2022 11:36:00 +0100
Message-ID: <457a6a03-91ae-8d5b-1f5b-1a5c9afa924e@suse.cz>
In-Reply-To: <638cad2d-9463-ad35-4b67-d18b42027521@pfeifer.com>

On 11/10/22 11:03, Gerald Pfeifer wrote:
> On Thu, 10 Nov 2022, Martin Liška wrote:
>>> https://gcc.gnu.org/install/ is back with a new face.
>> But it's not working properly due to some Content Security Policy:
> 
> Hmm, it worked in my testing before and I just tried again:
> 
> Firefox 106.0.1 (64-bit) and now also Chrome 106.0.5249.119
> and w3m.
> 
> Which browser are you using? Any particular add-ons or special security
> settings?
> 
>> Refused to apply inline style because it violates the following Content
>> Security Policy directive: "default-src 'self' http: https:". Either the
>> 'unsafe-inline' keyword, a hash
>> ('sha256-wAI2VKPX8IUBbq55XacEljWEKQc4Xc1nmwVsAjAplNU='), or a nonce
>> ('nonce-...') is required to enable inline execution. Note also that
>> 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
> 
> That looks like it's related to some Javascript fun? Does sphinx pull in
> something? Ohhhh, it does. A lot.
> 
> I'm not using any Javascript blocker, though, so not sure why I am not
> seeing any such warnings?
> 
> Searching for "+sphinx" and this message did not result in anything.
> 
> (It feels a bit curious how the position in the web server's file system
> or a symlink could trigger something like that?)
> 
> 
> Looking at the source code of index.html I am wondering about
> 
>    <html class="no-js" lang="en">
> 
> versus all the .js inclusions later on.
> 
> And https://validator.w3.org/nu/?doc=https%3A%2F%2Fgcc.gnu.org%2Finstall%2F
> and https://validator.w3.org/nu/?doc=https%3A%2F%2Fgcc.gnu.org%2Fonlinedocs%2Finstall%2F
> appear equally (un)happy.
> 
> Gerald

Well, I can also reproduce it on my mobile phone.

Anyway, the difference is:

$ curl https://gcc.gnu.org/install/index.html -v &> bad.txt
$ curl https://gcc.gnu.org/onlinedocs/install/index.html -v &> good.txt

$ diff -u good.txt bad.txt
--- good.txt	2022-11-10 11:33:45.293631904 +0100
+++ bad.txt	2022-11-10 11:33:37.813669264 +0100
@@ -32,31 +32,32 @@
  *  subjectAltName: host "gcc.gnu.org" matched cert's "gcc.gnu.org"
  *  issuer: C=US; O=Let's Encrypt; CN=R3
  *  SSL certificate verify ok.
   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Using HTTP2, server supports multiplexing
+* Using HTTP2, server supports multiplexing
  * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  } [5 bytes data]
  * h2h3 [:method: GET]
-* h2h3 [:path: /onlinedocs/install/index.html]
+* h2h3 [:path: /install/index.html]
  * h2h3 [:scheme: https]
  * h2h3 [:authority: gcc.gnu.org]
  * h2h3 [user-agent: curl/7.86.0]
  * h2h3 [accept: */*]
  * Using Stream ID: 1 (easy handle 0x5555555bf890)
  } [5 bytes data]
-> GET /onlinedocs/install/index.html HTTP/2
+> GET /install/index.html HTTP/2
  > Host: gcc.gnu.org
  > user-agent: curl/7.86.0
  > accept: */*
  >
  { [5 bytes data]
  < HTTP/2 200
-< date: Thu, 10 Nov 2022 10:33:45 GMT
+< date: Thu, 10 Nov 2022 10:33:37 GMT
  < server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.70 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
  < last-modified: Wed, 09 Nov 2022 18:51:10 GMT
  < etag: "8232-5ed0e23e07250"
  < accept-ranges: bytes
  < content-length: 33330
  < vary: Accept-Encoding
+< content-security-policy: default-src 'self' http: https:
  < strict-transport-security: max-age=16070400
  < content-type: text/html; charset=utf-8
  <
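Review bot: the added "content-security-policy: default-src 'self' http: https:" line near the end of this hunk is the only response header that differs between the two paths, and it sets no style-src, so inline styles fall back to default-src, which lists only 'self' and scheme sources; that matches the console error quoted earlier. The added "* Using HTTP2, server supports multiplexing" line at the top of the hunk repeats text already present at the end of the progress-meter context line just above it, so it looks like progress-meter interleaving in the "&>" capture rather than a protocol difference; adding -s to both curl calls would keep the meter out of the files and leave a cleaner header comparison.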
@@ -485,7 +486,7 @@
        
        
      </aside>
100 33330  100 33330    0     0  61514      0 --:--:-- --:--:-- --:--:-- 61494
100 33330  100 33330    0     0  62652      0 --:--:-- --:--:-- --:--:-- 62768
  * Connection #0 to host gcc.gnu.org left intact
  v>
  </div><script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>

=======

See that the problematic one for some reason uses "content-security-policy: default-src 'self' http: https:".
And it uses 'Using HTTP2, server supports multiplexing'

Martin
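
The following is an added example, not part of the original message or of the gcc.gnu.org configuration: a small checker that applies the fallback described in the browser error (no style-src, so default-src governs) to the header from the curl output, and shows which policy changes would admit an inline <style> block. The CSS sample and the function names are assumptions made for illustration.

```python
import base64
import hashlib

# Header value taken from the curl output above; the CSS is a constructed sample.
PAGE_POLICY = "default-src 'self' http: https:"
SAMPLE_CSS = "body { margin: 0 }"

def parse_csp(header):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        # Directive names are case-insensitive; a repeated directive is ignored.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def style_hash(css):
    """Hash source for an inline <style> body (exact bytes, whitespace included)."""
    digest = hashlib.sha256(css.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

def inline_style_allowed(header, css, nonce=None):
    """Return (allowed, governing directive) for an inline <style> element."""
    policy = parse_csp(header)
    # Fallback chain for <style>: style-src-elem, then style-src, then default-src.
    for name in ("style-src-elem", "style-src", "default-src"):
        if name in policy:
            break
    else:
        return True, None  # no governing directive, so nothing restricts styles
    sources = policy[name]
    if style_hash(css) in sources:
        return True, name
    if nonce is not None and f"'nonce-{nonce}'" in sources:
        return True, name
    # Scheme and host sources ('self', http:, https:) never match inline content.
    # 'unsafe-inline' is ignored once any hash or nonce source is listed.
    strict = any(s.lower().startswith(("'sha256-", "'sha384-", "'sha512-", "'nonce-"))
                 for s in sources)
    unsafe_inline = any(s.lower() == "'unsafe-inline'" for s in sources)
    return (unsafe_inline and not strict), name

if __name__ == "__main__":
    print(inline_style_allowed(PAGE_POLICY, SAMPLE_CSS))
    fixed = PAGE_POLICY + "; style-src 'self' " + style_hash(SAMPLE_CSS)
    print(inline_style_allowed(fixed, SAMPLE_CSS))
```

A hash source only matches the exact bytes of the style block, so generated pages whose inline styles change between builds need the hashes regenerated or a per-response nonce.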
