[CLOSED] infrequently paths showing as allowed destination hosts in menu #39

Closed
msxfm opened this issue Jul 7, 2014 · 1 comment

msxfm commented Jul 7, 2014

Issue by jsamuel
Thursday Dec 22, 2011 at 18:47 GMT
Originally opened as RequestPolicy/requestpolicy#39


imported trac ticket
created: 2009-09-17 16:49:27
reporter: justin

Sometimes a path will show up as an allowed destination hostname in the menu. I finally found a repeatable (for the moment) example of this happening and it appears to be with a 303 Object Moved redirect to a location that is just a path (no protocol + host).

Example with some specifics removed (so you don't know what coupon my wife wanted me to print):

http://coupons2.smartsource.com/smartsource/index.jsp?Link=XXXXXXX

elicited the following Location header in the response:

Location: /YYYYYYY/dcs.gif?dcsredirect=126&dcstlh=0&...

which appears to match what I see in the RequestPolicy menu.

However, it seems like there must be more to it as one would think this would be fairly common and so the bug would have been visible more frequently. I'll need to come up with a repeatable test case to be sure that this is the issue.


msxfm commented Jul 7, 2014

Comment by jsamuel
Thursday Dec 22, 2011 at 18:47 GMT


imported trac comment
created: 2009-09-20 16:00:24
author: justin

Fixed in r274. This turned out to be caused by not correctly handling redirect destination locations that were only paths, not valid URIs.

@msxfm msxfm closed this as completed Jul 7, 2014
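
The class of bug described in this ticket, as an added example (not RequestPolicy's code and not the r274 change): a redirect's Location value has to be resolved against the URL of the request that produced it before a destination host is read from it. The function names and sample URLs are hypothetical and constructed; the naive extractor is only an illustration of how a bare path can end up labelled as a host.

```javascript
'use strict';

// Constructed sample data in the shape of the report: an absolute request URL
// and a Location header that is only a path plus query string.
const SAMPLE_REQUEST = 'http://coupons.example/app/index.jsp?Link=1';
const SAMPLE_LOCATION = '/track/dcs.gif?dcsredirect=126&dcstlh=0';

// Hypothetical naive extractor: parses Location as a standalone URI and falls
// back to the raw string, so a path-only value is reported as the "host".
function naiveDestHost(location) {
  try {
    return new URL(location).hostname;
  } catch (e) {
    return location.split('?')[0];
  }
}

// Resolve Location against the originating request URL, then read the host.
// Returns null when the value cannot be resolved or is not http(s), so the
// caller never shows or allows something that is not a real hostname.
function redirectDestHost(requestUrl, location) {
  const base = new URL(requestUrl); // throws if the request URL is malformed
  let dest;
  try {
    dest = new URL(location.trim(), base);
  } catch (e) {
    return null;
  }
  if (dest.protocol !== 'http:' && dest.protocol !== 'https:') {
    return null;
  }
  return dest.hostname;
}

// true: redirect leaves the origin host and needs a policy decision;
// false: same host; null: destination could not be determined.
function isCrossHostRedirect(requestUrl, location) {
  const dest = redirectDestHost(requestUrl, location);
  return dest === null ? null : dest !== new URL(requestUrl).hostname;
}
```

Path-only, query-only and empty Location values resolve to the request's own host, while scheme-relative (`//host/...`) and absolute values resolve to whatever host they name.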