On 31/01/13 11:01, Min Yang wrote: > Thanks Freeman and Sergey, > > I understand it will impact the performance if open the auto redirect. But > I don't understand why it is a potential secuirty issue open the auto > redirect? Sergey, can you please explain more?
I guess we can have a bogus server or some man in the middle redirecting the client to some other bogus server Sergey > > Thanks! > > On Thu, Jan 31, 2013 at 6:00 PM, Sergey Beryozkin<[email protected]>wrote: > >> Hi >> >> On 31/01/13 05:33, Freeman Fang wrote: >> >>> Hi, >>> >>> Because if AutoRedirect is true, then we can't use chunking, which means >>> it's harm to the performance, you can get more details from [1]. >>> >> >> This is also a potential security issue so defaulting it to true is >> problematic indeed >> >> Cheers, Sergey >> >> >> >>> [1]http://cxf.apache.org/docs/**client-http-transport-** >>> including-ssl-support.html<http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html> >>> ------------- >>> Freeman(Yue) Fang >>> >>> Red Hat, Inc. >>> FuseSource is now part of Red Hat >>> Web: http://fusesource.com | http://www.redhat.com/ >>> Twitter: freemanfang >>> Blog: http://freemanfang.blogspot.**com<http://freemanfang.blogspot.com> >>> http://blog.sina.com.cn/u/**1473905042<http://blog.sina.com.cn/u/1473905042> >>> weibo: @Freeman小屋 >>> >>> On 2013-1-31, at 下午12:59, Min Yang wrote: >>> >>> Hi All, >>>> >>>> Our application is integrating with cxf to use the webservices, but we >>>> find >>>> that the service client doesn't support to auto redirect the wsdl url in >>>> default when got the 301 or 302 http code. We must have to set the >>>> parameter AutoRedirect as "true" in the http conduit configuration file. >>>> >>>> So I just want to know why cxf doesn't not set this parameter to "true" >>>> in >>>> default, do you have any concern to open this option? And we know the >>>> parameter AutoRedirect will be used when connecting the wsdl, will this >>>> option also be used when receiving the soap message? >>>> >>>> Thanks! Waiting for your response! >>>> >>>> Min >>>> >>> >>> >>> >> >> >
