Hi While you are technically correct, the request.getServerPort() should really reflect the port that the actual SSL terminating server is running on.
If this is the default port (getServerPort may return -1) this would still be 443 and not 80. So it should probably be checked that we get the SSL terminator’s port right. And this is really the bug: The current SslFilterRequest implementation does not implement the getServerPort method to ensure this. Regards Felix Am 29.09.2014 um 11:16 schrieb Jan Willem Janssen <[email protected]<mailto:[email protected]>>: Signierter PGP Teil On 29/09/14 10:59, Felix Meschberger wrote: > Hi Antonio, > > I agree this is a bug. > >> >> looking at [FELIX-3693] HTTP SSLFilter [0] specially at the >> SslFilterRequest it looks to me that the final Request object >> might end up having this weird behavior: >> >> - request.getScheme() ==> https - request.getServerPort() ==> 80 >> >> and possibly >> >> - request.getRequestURL() ==> https://domain.80/active.html >> >> IMHO having a scheme https with a port 80 might lead to some >> inconsistencies . WDYT? I'm less inclined to immediately state this as a bug. Though it is by convention to use port 443 for secure HTTP, actually nothing prevents me from using port 80 instead for secure HTTP. -- Met vriendelijke groeten | Kind regards Jan Willem Janssen | Software Architect +31 631 765 814 /My world is revolving around INAETICS and Amdatu/ Luminis Technologies B.V. Churchillplein 1 7314 BZ Apeldoorn +31 88 586 46 00 http://www.luminis-technologies.com http://www.luminis.eu KvK (CoC) 09 16 28 93 BTW (VAT) NL8169.78.566.B.01
