[Bug 59779] useRelativeRedirects being enabled breaks proxyPort and scheme

Fri, 01 Jul 2016 10:14:01 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=59779

--- Comment #2 from NateC <apa...@neworld.us> ---
(In reply to Mark Thomas from comment #1)
> (In reply to NateC from comment #0)
> > Tomcat 7.0.67 added the ability respond with relative redirects, which
> > defaults to enabled. If proxyPort or scheme is specified in the connector
> > which a context uses and the context has useRelativeRedirects the proxy port
> > and scheme are dropped from redirect.
> 
> Why is that a problem? The redirect is relative to the current page and the
> user agent will construct the target URL based on whatever scheme and port
> it used to connect to the original page.

That is the problem the server is configured to redirect to a different scheme
or port.

> > The only way to stop this globally is
> > to enable org.apache.catalina.STRICT_SERVLET_COMPLIANCE,
> 
> No it is not. Defaults for all contexts can be set in
> $CATALINA_BASE/conf/context.xml. Defaults can also be set per virtual host.

Sorry about that. Being able to define defaults for each engine and host is
probably enough as long as no servlet contexts override it.

> > but that changes
> > other values too. It would be better if
> > org.apache.catalina.connector.Response.sendRedirect could check if any
> > values used to construct the redirect url had been modified during the
> > processing of the request and an absolute response is required.
> 
> I don't understand the problem. I think a concrete example is required.

An example Connector configuration which would have this issue:
<Connector
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="80"
           secure="true"
           scheme="https"
           proxyPort="443"
           URIEncoding="UTF-8"
           />

When a client makes a request to http://example.com/servlet/index.html and the
servlet performs a redirect to "landingPage.html" when constructing an absolute
URL the redirect is to "https://example.com:443/servlet/landingPage.html"; but
when it is relative the url is just "landingPage.html", which the client will
interpret as "http://example.com/servlet/landingPage.html";

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to