You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
From my view the Tomcat-behaviour is the right one. Or maybe a system-property should be introduced to make this behaviour configurable.
There´s already code like if (com.ibm.ws.webcontainer.util.WebContainerSystemProps.getSendRedirectCompatibilty())
The text was updated successfully, but these errors were encountered:
The servlet sendRedirect spec is pretty clear here: the servlet container must convert the relative URL to an absolute URL before sending the response to the client. So the behavior Liberty has here looks correct, but we can explore the utility of making this configurable.
k8vance88
changed the title
HttpServletResponse.sendRedirect(String location) builds absolute URL including protocoll and server-name
HttpServletResponse.sendRedirect(String location) builds absolute URL including protocol and server-name
Jan 19, 2021
Describe the bug
![sendRedirect_OpenLiberty](https://user-images.githubusercontent.com/10461942/70071348-89207d00-15f5-11ea-8f25-e30fb5a4558c.png)
Doing
response.sendRedirect("/frw-demo/index.xhtml")
creates the follwing response on OpenLiberty 19.0.0.6:Steps to Reproduce
response.sendRedirect("/frw-demo/index.xhtml")
Expected behavior
![sendRedirect_Tomcat9](https://user-images.githubusercontent.com/10461942/70071438-b0774a00-15f5-11ea-853c-ed2288105e39.png)
Apache Tomcat 9 does the following:
Diagnostic information:
Additional context
This causes troubles behind some Reverse-Proxies.
Think the issue is related to https://github.com/OpenLiberty/open-liberty/blob/master/dev/com.ibm.ws.webcontainer/src/com/ibm/ws/webcontainer/webapp/WebAppDispatcherContext.java method convertRelativeURIToURL.
Let´s compare this to the Tomcat-implementation:
https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/connector/Response.java method sendRedirect
I also did some Google-Research and https://stackoverflow.com/questions/8250259/is-a-302-redirect-to-relative-url-valid-or-invalid tells us relative redirects are allowed.
From my view the Tomcat-behaviour is the right one. Or maybe a system-property should be introduced to make this behaviour configurable.
There´s already code like
if (com.ibm.ws.webcontainer.util.WebContainerSystemProps.getSendRedirectCompatibilty())
The text was updated successfully, but these errors were encountered: