-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Léa,
On 10/31/14 8:06 AM, Léa Massiot wrote:
> Hello and thank you for reading my post.
>
> I'm trying to make a webapp work with HTTPS. It was working
> properly with HTTP. Below is the problem I have.
>
> Inside a servlet, in its "doPost()" method, to check whether the
> "incoming JSP" is "example1.jsp" or "example2.jsp", I am using the
> following piece of code:
> -----------------------------------------------------------
> s_referer = request.getHeader("referer");
>
> if(s_referer.contains("example1.jsp") == true)
Note that true == true is always true and true == false is always false.
> { b_jspReferer1 = true; } if(s_referer.contains("example2.jsp") ==
> true) { b_jspReferer2 = true; }
What is the referrer contains both example1.jsp *and* example2.jsp?
> -----------------------------------------------------------
>
> In "example1.jsp" and "example2.jsp" there is a "<form>" element
> which "action" attribute is set to "do_example":
> ----------------------------------------------------------- <form
> method="post" action="do_example"> [...] </form>
> -----------------------------------------------------------
>
> Now that I'm using HTTPS, "s_referer" is always equal to
> "do_example" in the servlet.
That's weird. Does do_example do an internal forward to
example(1|2).jsp for redisplay?
If the browser doesn't want to send the Referer header, it won't send
one... it's not going to send something bogus.
> Before, it used to be either "example1.jsp" in case the "incoming"
> JSP was "example1.jsp" and "example2.jsp" in case the "incoming"
> JSP was "example2.jsp".
>
> I don't know how to correct my code to be able to discriminate
> between the two JSPs. Can you please help me?
>
> I apologize in advance for the barbaric expression "incoming JSP".
> I hope my point is understandable despite unfortunate expression.
The Referer is going to be the URL that was showing in the web browser
when the user clicked on the Submit button. If do_example forwards to
example1.jsp (instead of performing a redirect), then the browser
thinks that the current page is "do_example" and you'll get that in
your Referer header.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJUU+KZAAoJEBzwKT+lPKRYtFAQALwANlt5SQJNdeNOBhdw1rd+
bmzpsLoKUYER29dl6xFlfJogS2fu/Wym1EQI1E3+wBWSc3L9VwXUx+qcCSEwfBQ9
aP5AiIp6WoVXw8l1f8vxgZ5iuLqawrMNs3WvypTAS+VCcAk+hx6G83auX/PriVIR
HsnUbmcXISiKwbe2BUB5QKICNeWbXacifE8NPDQvpUGtak+xcWf7kolNUWbl/9Gs
bSUUEVINkerBTeHisJnTRoQ7sN7fFKZ1ZouDgIh6uTkvKtCjN6EJhR6/sgkFB+cC
T92TyaqRtWxJD+gZOCUWY7IJbPgxu04ASLexS796WHRggRr+k31YWOZDIBz1BS0p
dkz42wavfj15TPAiZ07NsWxU3hlFl66xpv1EaLWexK2Q7Fqdiy3oVobnHsoUIsa9
gotOV91tATzK9JXWIX/AaALyGvqMXYJAzbRuOnAEEJHES3IJDKdim849zHfFKajJ
JvnEFf3gt1A+tWEwussyxVAbWXir+guwTp9IidegXhKNvPmNj1sjiJk/cciVTc54
ZKypluktYedERfJcld/tycaKJY9NFdEHhm+1rv0tV8cPwenlg/qsxQpgUgESksc0
vNOgATWMlPNZLzoLstwigrgHD5d+Non2O+bFl7lUYeFYXKz6jjq4X0yfMvRPiTHL
z6TgpoBFrXbfjCAUgQ+x
=rl+Q
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
