SEC-1772: Unneeded URL decode in SimpleUrlLogoutSuccessHandler #2006

spring-issuemaster opened this Issue Jun 27, 2011 · 1 comment


None yet
1 participant

Mikhail Mazursky (Migrated from SEC-1772) said:

URLDecoder.decode(targetUrl, "UTF-8") call is not needed in and it breaks URLs with GET parameters escaped in them.

p.s. also isUseReferer() is missing.

Luke Taylor said:

I've removed the decoding. This was part of the patch for SEC-213, which was related to CAS proxying. I'm not sure if there was a valid reason for it then, but CAS proxying no longer requires redirects, so it no longer seems necessary in any case.

spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment