-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Léa,
On 10/31/14 8:06 AM, Léa Massiot wrote: > Hello and thank you for reading my post. > > I'm trying to make a webapp work with HTTPS. It was working > properly with HTTP. Below is the problem I have. > > Inside a servlet, in its "doPost()" method, to check whether the > "incoming JSP" is "example1.jsp" or "example2.jsp", I am using the > following piece of code: > ----------------------------------------------------------- > s_referer = request.getHeader("referer"); > > if(s_referer.contains("example1.jsp") == true) Note that true == true is always true and true == false is always false. > { b_jspReferer1 = true; } if(s_referer.contains("example2.jsp") == > true) { b_jspReferer2 = true; } What is the referrer contains both example1.jsp *and* example2.jsp? > ----------------------------------------------------------- > > In "example1.jsp" and "example2.jsp" there is a "<form>" element > which "action" attribute is set to "do_example": > ----------------------------------------------------------- <form > method="post" action="do_example"> [...] </form> > ----------------------------------------------------------- > > Now that I'm using HTTPS, "s_referer" is always equal to > "do_example" in the servlet. That's weird. Does do_example do an internal forward to example(1|2).jsp for redisplay? If the browser doesn't want to send the Referer header, it won't send one... it's not going to send something bogus. > Before, it used to be either "example1.jsp" in case the "incoming" > JSP was "example1.jsp" and "example2.jsp" in case the "incoming" > JSP was "example2.jsp". > > I don't know how to correct my code to be able to discriminate > between the two JSPs. Can you please help me? > > I apologize in advance for the barbaric expression "incoming JSP". > I hope my point is understandable despite unfortunate expression. The Referer is going to be the URL that was showing in the web browser when the user clicked on the Submit button. If do_example forwards to example1.jsp (instead of performing a redirect), then the browser thinks that the current page is "do_example" and you'll get that in your Referer header. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUU+KZAAoJEBzwKT+lPKRYtFAQALwANlt5SQJNdeNOBhdw1rd+ bmzpsLoKUYER29dl6xFlfJogS2fu/Wym1EQI1E3+wBWSc3L9VwXUx+qcCSEwfBQ9 aP5AiIp6WoVXw8l1f8vxgZ5iuLqawrMNs3WvypTAS+VCcAk+hx6G83auX/PriVIR HsnUbmcXISiKwbe2BUB5QKICNeWbXacifE8NPDQvpUGtak+xcWf7kolNUWbl/9Gs bSUUEVINkerBTeHisJnTRoQ7sN7fFKZ1ZouDgIh6uTkvKtCjN6EJhR6/sgkFB+cC T92TyaqRtWxJD+gZOCUWY7IJbPgxu04ASLexS796WHRggRr+k31YWOZDIBz1BS0p dkz42wavfj15TPAiZ07NsWxU3hlFl66xpv1EaLWexK2Q7Fqdiy3oVobnHsoUIsa9 gotOV91tATzK9JXWIX/AaALyGvqMXYJAzbRuOnAEEJHES3IJDKdim849zHfFKajJ JvnEFf3gt1A+tWEwussyxVAbWXir+guwTp9IidegXhKNvPmNj1sjiJk/cciVTc54 ZKypluktYedERfJcld/tycaKJY9NFdEHhm+1rv0tV8cPwenlg/qsxQpgUgESksc0 vNOgATWMlPNZLzoLstwigrgHD5d+Non2O+bFl7lUYeFYXKz6jjq4X0yfMvRPiTHL z6TgpoBFrXbfjCAUgQ+x =rl+Q -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org