Bin, > Peter: > To answer your questions > 1. The response header when using 8080 to post, I got: > > Status Code: 405 Method Not Allowed > Allow: POST > Cache-Control: private > Content-Language: en > Content-Length: 1045 > Content-Type: text/html;charset=utf-8 > Date: Mon, 23 Jan 2017 18:48:07 GMT > Expires: Wed, 31 Dec 1969 16:00:00 PST > Server: Apache-Coyote/1.1 > > This agrees to the access log record > > When using 8443 for the same POST operation, I got: > > Status Code: 201 Created > Content-Length: 277 > Content-Type: application/xml > Date: Mon, 23 Jan 2017 18:51:25 GMT > Server: Apache-Coyote/1.1 > > Which also agrees to the access log record. >
These are the responses to the redirected calls. But the redirect to https is happening before... Something like: curl -I http://www.mysite.com HTTP/1.0 301 Moved Permanently Location: https:// www.mysite.com Server: Apache Connection: Keep-Alive Content-Length: 0 Best regards. Peter > For your second question: > I understand the risk and consequence of using redirect for POST, this is > just an alternative for us for a short period of time, we will force all our > users to move the https before we can shut down the 8080 for POST. We are > working on that in the meantime. > > Thank you very much, > > Bin > > > -----Original Message----- > > > > The redirect takes place in the client. What kind of client do you use? Could > you send us the response headers from the two setups? > > > > You did not answer on my recommendation to fix the app to be https from the > start. In that case the redirect will be unnecessary... > > > > Peter > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org