Thanks Freeman and Sergey, I understand it will impact the performance if open the auto redirect. But I don't understand why it is a potential secuirty issue open the auto redirect? Sergey, can you please explain more?
Thanks! On Thu, Jan 31, 2013 at 6:00 PM, Sergey Beryozkin <[email protected]>wrote: > Hi > > On 31/01/13 05:33, Freeman Fang wrote: > >> Hi, >> >> Because if AutoRedirect is true, then we can't use chunking, which means >> it's harm to the performance, you can get more details from [1]. >> > > This is also a potential security issue so defaulting it to true is > problematic indeed > > Cheers, Sergey > > > >> [1]http://cxf.apache.org/docs/**client-http-transport-** >> including-ssl-support.html<http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html> >> ------------- >> Freeman(Yue) Fang >> >> Red Hat, Inc. >> FuseSource is now part of Red Hat >> Web: http://fusesource.com | http://www.redhat.com/ >> Twitter: freemanfang >> Blog: http://freemanfang.blogspot.**com <http://freemanfang.blogspot.com> >> http://blog.sina.com.cn/u/**1473905042<http://blog.sina.com.cn/u/1473905042> >> weibo: @Freeman小屋 >> >> On 2013-1-31, at 下午12:59, Min Yang wrote: >> >> Hi All, >>> >>> Our application is integrating with cxf to use the webservices, but we >>> find >>> that the service client doesn't support to auto redirect the wsdl url in >>> default when got the 301 or 302 http code. We must have to set the >>> parameter AutoRedirect as "true" in the http conduit configuration file. >>> >>> So I just want to know why cxf doesn't not set this parameter to "true" >>> in >>> default, do you have any concern to open this option? And we know the >>> parameter AutoRedirect will be used when connecting the wsdl, will this >>> option also be used when receiving the soap message? >>> >>> Thanks! Waiting for your response! >>> >>> Min >>> >> >> >> > >
