Felix Meschberger created FELIX-4420:
----------------------------------------
Summary: [HTTP SSLFilter] Implement sendRedirect
Key: FELIX-4420
URL: https://issues.apache.org/jira/browse/FELIX-4420
Project: Felix
Issue Type: Improvement
Components: HTTP Service
Affects Versions: http-2.2.1
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: http-2.2.2, http-sslfilter-1.0.0

The HTTP SSL Filter service implemented in FELIX-3693 supports revealing the
actual protocol used by the client side browser by inspecting a request header
and exposing the proper scheme through its ServletRequest.getScheme()
implementation if the actual server is operated behind an SSL terminating proxy
(i.e. client connects with HTTPS to proxy, proxy forwards request to server
over plain HTTP).

The HttpServletRequest.sendRedirect() method is declared to set the Location
header to the absolute redirect URL which includes the scheme. In an SSL
terminating proxy situation, the servlet container does not know about this
fact and hence uses the actual server scheme (HTTP) for the redirect instead of
the scheme used by the client.

To fix this situation the SSL filter response should implement the
HttpServletResponse.sendRedirect() method to use the client side scheme as
extracted from the request instead of the actual server request.
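
The redirect handling described in this issue, sketched as an added example that is not part of the original report and is not the Felix SSL filter's code. The class name `ClientSchemeRedirectResponse` is hypothetical; it assumes the request passed in is the filter's wrapped request, whose `getScheme()` already reports the client-side scheme, and that the proxy overwrites the forwarding header so clients cannot set it themselves.

```java
import java.io.IOException;
import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/**
 * Added illustration (hypothetical class, not the Felix SSL filter's code).
 * Assumes `request` is the filter's wrapped request, whose getScheme() reports
 * the client-side scheme, and that the proxy overwrites the forwarding header.
 */
public class ClientSchemeRedirectResponse extends HttpServletResponseWrapper {
    private final HttpServletRequest request;

    public ClientSchemeRedirectResponse(HttpServletRequest request, HttpServletResponse response) {
        super(response);
        this.request = request;
    }

    @Override
    public void sendRedirect(String location) throws IOException {
        // The container passes an already absolute URL through unchanged.
        super.sendRedirect(toClientUrl(location));
    }

    /** Resolves location against the request URL and upgrades same-host http targets. */
    String toClientUrl(String location) {
        URI base;
        URI target;
        try {
            base = URI.create(request.getRequestURL().toString());
            target = base.resolve(location);
        } catch (IllegalArgumentException e) {
            return location; // not parseable: leave it to the container
        }
        boolean clientUsedHttps = "https".equalsIgnoreCase(request.getScheme());
        boolean sameHost = target.getHost() != null && target.getHost().equalsIgnoreCase(base.getHost());
        if (!clientUsedHttps || !sameHost || !"http".equalsIgnoreCase(target.getScheme())) {
            return target.toString(); // external or already-correct targets stay untouched
        }
        // Port 80 is the HTTP default and would be wrong under https; other ports are kept.
        String authority = target.getPort() == 80 ? target.getHost() : target.getRawAuthority();
        StringBuilder url = new StringBuilder("https://").append(authority).append(target.getRawPath());
        if (target.getRawQuery() != null) url.append('?').append(target.getRawQuery());
        if (target.getRawFragment() != null) url.append('#').append(target.getRawFragment());
        return url.toString();
    }
}
```

Only redirects to the request's own host are rewritten, so a scheme-relative or external `Location` value is never silently changed by the wrapper.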