On Tue, 2003-01-07 at 04:39, Remy Maucherat wrote: > Matt Parker wrote: > > If you want to mirror what Apache HTTPD does: > > > > No slash present --> append slash (only!) and redirect > > Slash present --> internally forward to welcome-file page > > > > > > Well, here's the rub: > > > > - The new servlet spec clearly states that either /foo or /foo/ should > > return a welcome-file (if specified) > > Well, this is broken behavior. If no slash, then a redirect will be sent > back to the client, otherwise, relative paths are not resolved > correctly, with no way for the app writer to anticipate it. >
That's true. Although I think it would still satisfy the spec to redirect /foo to /foo/index.html, but would a redirect from /foo to /foo/, and then forward to /foo/index.html still satisfy it? Maybe I'm being too pedantic. The actual text reads: "A request URI of /foo or /foo/ will be returned as /foo/index.html" > > > > What do y'all think? > > > > I vote +1 :) > > I'll vote the opposite ;-) > People are used to the bahavior in 4.1. In 5.0, I plan to add the option > for internal forwards in the new mapper I'll write. > > Note that internal forwards were used in early 4.0 releases, but went > away as it got reported as a security issue (the security checks apply > to the original URI, not the served welcome file). > > Remy > I hear ya. Didn't mean to be cute. Could the security check be applied after the welcome file was resolved? Or is that going to be done in your mapper? Matt -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
