HttpServletResponse.sendRedirect(String location) builds absolute URL including protocol and server-name #10000
Comments
christophs78
added
the
bug
|
The servlet sendRedirect spec is pretty clear here: |
|
The servlet-spec was written at a point in time when absolute URLs were mandatory. Maybe no one has updated it since:
Making this behaviour configurable would be a good move in my opinion. |
|
@pmd1nh has opened a servlet spec issue to get clarification for this behavior. |
pmd1nh
removed
the
bug
pnicolucci
added
the
release bug
|
@pmd1nh can this one be closed now that the PR you worked is integrated? |
k8vance88
changed the title
pmd1nh
removed
the
release bug
|
blog issue #15605 |
Describe the bug
Doing
response.sendRedirect("/frw-demo/index.xhtml")creates the follwing response on OpenLiberty 19.0.0.6:Steps to Reproduce
response.sendRedirect("/frw-demo/index.xhtml")Expected behavior
Apache Tomcat 9 does the following:
Diagnostic information:
Additional context
This causes troubles behind some Reverse-Proxies.
Think the issue is related to https://github.com/OpenLiberty/open-liberty/blob/master/dev/com.ibm.ws.webcontainer/src/com/ibm/ws/webcontainer/webapp/WebAppDispatcherContext.java method convertRelativeURIToURL.
Let´s compare this to the Tomcat-implementation:
https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/connector/Response.java method sendRedirect
I also did some Google-Research and https://stackoverflow.com/questions/8250259/is-a-302-redirect-to-relative-url-valid-or-invalid tells us relative redirects are allowed.
From my view the Tomcat-behaviour is the right one. Or maybe a system-property should be introduced to make this behaviour configurable.
There´s already code like
if (com.ibm.ws.webcontainer.util.WebContainerSystemProps.getSendRedirectCompatibilty())The text was updated successfully, but these errors were encountered: