Yves Piel created CXF-8752:
------------------------------
Summary: Configurable list of redirectable verbs
Key: CXF-8752
URL: https://issues.apache.org/jira/browse/CXF-8752
Project: CXF
Issue Type: New Feature
Reporter: Yves Piel
Attachments: image-2022-08-18-10-57-00-592.png,
image-2022-08-18-10-57-24-093.png
Currently, redirections are limited to 'verbs with no content':
* [List of verbs with no
content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202]
* [Limitation for
redirections|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L1432]
In HTTP/1.1 specification it is written that automatic redirection need to be
done with care for methods not know to be safe:
!image-2022-08-18-10-57-24-093.png|width=477,height=122!
The safe methods are GET, HEAD, OPTIONS, and TRACE, those listed in[ List of
verbs with no
content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202]
.
!image-2022-08-18-10-57-00-592.png|width=394,height=302!
Although the specification tells to do redirection of not safe method with
care, it doesn't forbid it. Currently, it is not possible to do redirection of
a POST method with CXF.
Maybe it could be acceptable to configure the list of redirected verbs ?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
