Bug #31783 HTTP download mirrors not available for unregistered users
Submitted: 23 Oct 2007 11:07 Modified: 26 Oct 2007 7:33
Reporter: Philip Stoev Email Updates:
Status: Unsupported Impact on me:
None 
Category:MySQL Server: Packaging Severity:S3 (Non-critical)
Version: OS:Any
Assigned to: CPU Architecture:Any

[23 Oct 2007 11:07] Philip Stoev 
Description:
Hello,

For some reason if one wants to download a MySQL community product using a browser that does not retain cookies, the HTTP download links for all mirrors are broken -- they all point to the root of the mirror. FTP links work as expected.

How to repeat:
1. Open a Mozilla Firefox and set it up to clean all cookies and other information  on browser close;
2. Restart Firefox and and go to http://www.mysql.com
3. Click community, then download and pick a product to download
4. Answer "no thanks" on the registration prompt
5. Click a HTTP download link
6. You will be redirected to the root of the HTTP mirror , rather than the file itself.

Suggested fix:
Internet Exporer which does not delete cookies on close is not affected. Therefore, the fix may be to adjust the download script to provide download links regardless of whether the user has a complete set of cookies.
[23 Oct 2007 11:33] MySQL Verification Team 
Thank you for the bug report. Sorry but this Bug System doesn't handles
issues related to the web site. I already wrote to webmaster@mysql
about this.
[26 Oct 2007 7:12] Adam Donnison 
Can't duplicate this with the given steps.  If you turn off cookies entirely I can duplicate, but not if you set firefox to delete cookies on exit.  This sounds like a browser bug, not a website bug.
[26 Oct 2007 7:18] Philip Stoev 
Can the HTTP links be made to behave like the FTP links, that is, work regardless of the presence-absence of cookies. People should be able to download the product via HTTP regardless of their privacy settings.
[26 Oct 2007 7:33] Philip Stoev 
The problem is that in this link

<a href="/get/Downloads/MySQL-5.0/mysql-essential-5.0.45-winx64.msi/from/http://mirrors.dotsrc.org/mysql/">HTTP</a>

would be interpreted by Firefox as http://mirrors.dotsrc.org/mysql -- it appears that this happens because the first http:// in the link is the one preceding mirrors.dotsrc.org.

I was unable to find any standard mentioning the correct behavoir in such cases, so I would vote for escaping the http:// part.

http://www.w3.org/Addressing/URL/uri-spec.html advocates using escape for "encoging characters whose use, although technically allowed in a URI, would be unwise due to problems of corruption by imperfect gateways or misrepresentation due to the use of variant character sets, or which would simply be awkward in a given environment".