[ https://issues.apache.org/jira/browse/SOLR-17434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17879024#comment-17879024 ]

David Smiley commented on SOLR-17434:
-------------------------------------

Before:

{noformat}
 curl -0 -v -H "Host:" http://YOURHOSTNAME:8983/

...
< HTTP/1.1 302 Found
< Location: http://YOURIP:8983/solr/
...
{noformat}

The "YOURIP" isn't great.
Preferably the Location header is relative, just containing "/solr/" for this 
example.

> Jetty relativeRedirectAllowed should be true
> --------------------------------------------
>
>                 Key: SOLR-17434
>                 URL: https://issues.apache.org/jira/browse/SOLR-17434
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: David Smiley
>            Priority: Minor
>
> For a minor security benefit, avoiding exposing Solr's host & port number in 
> an obscure case:
> [https://github.com/jetty/jetty.project/issues/11014]
> Assuming Solr main/10 moves on to Jetty 12, this configuration change is only 
> applicable to Solr 9.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
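
A way to check the "Before" behaviour in the comment above from a script, added here as an example (it is not part of the Jira comment or of Solr's code). The function names and the 192.0.2.10 sample address are made up for illustration; probe() sends the same kind of request as the curl command, HTTP/1.0 with no Host header.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def location_header(raw: bytes):
    """Return the Location value from a raw HTTP response head, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def classify_location(value: str) -> str:
    """Classify a Location value as relative, absolute-ip or absolute-host."""
    parts = urlsplit(value)
    if not parts.scheme and not parts.netloc:
        return "relative"                        # e.g. "/solr/": nothing leaked
    try:
        ipaddress.ip_address(parts.hostname or "")
        return "absolute-ip"                     # server filled in its own address
    except ValueError:
        return "absolute-host"

def check(raw: bytes):
    """Classify the redirect in a raw response; None if there is no Location."""
    loc = location_header(raw)
    return None if loc is None else classify_location(loc)

def probe(host: str, port: int = 8983, timeout: float = 5.0) -> bytes:
    """Send GET / as HTTP/1.0 without a Host header and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        chunks = []
        while chunk := s.recv(4096):             # HTTP/1.0: server closes when done
            chunks.append(chunk)
    return b"".join(chunks)

# Constructed sample responses (not captured from a real server).
BEFORE = b"HTTP/1.1 302 Found\r\nLocation: http://192.0.2.10:8983/solr/\r\n\r\n"
AFTER = b"HTTP/1.1 302 Found\r\nLocation: /solr/\r\n\r\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                        # live check against your own host
        print(check(probe(sys.argv[1])))
    else:
        print("before:", check(BEFORE), "after:", check(AFTER))
```
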
