Konrad Windszus created FELIX-5309:
--------------------------------------
Summary: SslFilter: sendRedirect does not support scheme change on
the current host
Key: FELIX-5309
URL: https://issues.apache.org/jira/browse/FELIX-5309
Project: Felix
Issue Type: Bug
Affects Versions: http.sslfilter-1.0.6
Reporter: Konrad Windszus
Consider the case where application A and B are running under the same domain
example.com. A is served by an Apache Felix (below https://example.com/A) and
only supports HTTPS (being terminated e.g. by a LoadBalancer in front). B is
served by some other application server (below https://example.com/B) and only
supports HTTP.
Now I create a link from A towards B with
{{HttpServletResponse.sendRedirect("http://example.com/B/somepath")}}
This URL is automatically converted by the SslFilter to
{{https://example.com/B/somepath}} which is clearly not intended.
I think the sendRedirect(...) implementation of the SSLFilter from FELIX-4420
is way too aggressive, because it will also rewrite absolute URIs.
Actually absolute URIs should never be rewritten by that filter, only
relative ones (starting with a "/").
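The difference between the reported rewrite and the proposed one, as an added example that is not part of the original report and is not Felix's SslFilter code. The class and method names are hypothetical, the host and paths are constructed sample values, and the aggressive variant only models the behaviour as the report describes it.

```java
import java.net.URI;
import java.util.List;

public class RedirectRewriteDemo {

    // True only for locations like "/A/home": no scheme, no authority, path
    // starting with "/". A protocol-relative "//host/path" is excluded, since
    // it names its own host and must not be re-pointed at the current one.
    static boolean isServerRelative(URI uri) {
        return !uri.isAbsolute() && uri.getRawAuthority() == null
                && uri.getRawPath() != null && uri.getRawPath().startsWith("/");
    }

    // Model of the reported behaviour: any location on the current host is
    // forced to https, including an absolute http:// URI the caller chose.
    static String rewriteAggressive(String location, String host) {
        URI uri = URI.create(location);
        boolean sameHostAbsolute = uri.isAbsolute() && host.equalsIgnoreCase(uri.getHost());
        return (sameHostAbsolute || isServerRelative(uri)) ? toHttps(uri, host) : location;
    }

    // Proposed behaviour: only server-relative locations are expanded to
    // https; every absolute URI is passed through with its scheme intact.
    static String rewriteRelativeOnly(String location, String host) {
        URI uri = URI.create(location);
        return isServerRelative(uri) ? toHttps(uri, host) : location;
    }

    // Rebuilds the location on the current host with the https scheme,
    // keeping path, query and fragment exactly as given.
    private static String toHttps(URI uri, String host) {
        StringBuilder sb = new StringBuilder("https://").append(host).append(uri.getRawPath());
        if (uri.getRawQuery() != null) sb.append('?').append(uri.getRawQuery());
        if (uri.getRawFragment() != null) sb.append('#').append(uri.getRawFragment());
        return sb.toString();
    }

    public static void main(String[] args) {
        String host = "example.com"; // constructed sample value
        List<String> samples = List.of("/A/home", "http://example.com/B/somepath",
                "//example.com/B/somepath", "http://other.example.org/x");
        for (String loc : samples) {
            System.out.printf("%-32s aggressive=%-34s relativeOnly=%s%n", loc,
                    rewriteAggressive(loc, host), rewriteRelativeOnly(loc, host));
        }
    }
}
```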