DotNet: support protocol relative URLs

[kellyhutchins]

Update the proxy so that if a location starts with // any protocol (http or https) will be accepted. The php and java proxies already support this behavior.

[kellyhutchins]

@jgravois @afili can you look at this one?

[esoekianto]

@jgravois @kellyhutchins

this is how java handles it,

public static boolean isUrlPrefixMatch(String prefix,String uri){
return uri.toLowerCase().startsWith(prefix.toLowerCase()) ||
uri.toLowerCase().replace("https://","http://").startsWith(prefix.toLowerCase()) ||
uri.toLowerCase().substring(uri.indexOf("//")).startsWith(prefix.toLowerCase());
}

then call isUrlPrefixMatch(su.getUrl(), uri) in getConfigServerUrl() function
we can just implement the same in .NET

[jgravois]

based on changes yesterday, whether or not 'http' or 'https' is specified in the proxy.config, a request to the resource using either protocol will be forwarded.

we don't appropriately handle if someone just uses '//server.com'.

it seems to me like it would make more sense for someone who wants to block requests with a particular protocol on a server to handle that in the server configuration itself (rather than via proxy security) so we might just leave the current behavior as is and document it. its definitely sufficient for the 1.0 release anyway.

[kellyhutchins]

@jgravois I think the issue is that both php and java already support this so ideally we'd like it to work the same in .NET. Do you think its a common use case that someone would to block request w with a particular protocol? I haven't run into anyone asking for that functionality - but perhaps its come up before?

[jgravois]

i agree that consistency is king, but i have never heard of someone expecting/wanting the proxy to block the alternate protocol, only cases where they ran into trouble because both weren't allowed.

[bsvensson]

@jgravois This comes in handy for some arcgisonline url's where it get switched from http to https automatically (and proxy would fail unless you set up both). It would be somewhat similar in principle to protocol relative URL as described in http://www.paulirish.com/2010/the-protocol-relative-url/

http://example.com - support http only
https://example.com - support https only
//example.com - support both http and https.

[jgravois]

my preference/opinion is that the current behavior of the .NET proxy (in which specifying either 'http' or 'https' in proxy.config allows users to proxy both protocols) is best because it doesn't require people to specify a protocol relative URL to avoid the kinds of problem Bjorn is referring to.

that being said, @afili and i are happy to rewrite the logic so that only specifying '//example.com' allows for proxying both. it shouldn't be hard.

[esoekianto]

java is now following .NET, so if this really need to be addressed, we can come up with something

[jgravois]

merged .NET fix is 5421505 safe to close.