https://issues.apache.org/jira/browse/WICKET-6638
Wicket 6.x receives only security related fixes and this one doesn't count as such. You will have to use HttpServletResponse in your application. On Wed, Feb 27, 2019 at 9:09 PM Chris Colman <chr...@stepaheadsoftware.com> wrote: > The code that is removing the encoding is in ServletWebResponse: > > public void sendRedirect(String url) { > try { > this.redirect = true; > > >>>> 'encode' is actually performing a decode in this line <<<< > url = this.encodeRedirectURL(url); > this.disableCaching(); > if (this.webRequest.isAjax()) { > this.httpServletResponse.setHeader("Ajax-Location", > url); > > this.httpServletResponse.getWriter().write("<ajax-response><redirect><![ > CDATA[" + url + "]]></redirect></ajax-response>"); > this.setContentType("text/xml;charset=" + > this.webRequest.getContainerRequest().getCharacterEncoding()); > this.disableCaching(); > } else { > this.httpServletResponse.sendRedirect(url); > } > > } catch (IOException var3) { > throw new WicketRuntimeException(var3); > } > } > > > -----Original Message----- > > From: Chris Colman [mailto:chr...@stepaheadsoftware.com] > > Sent: Thursday, 28 February 2019 5:05 AM > > To: users@wicket.apache.org > > Subject: RE: Undesirable decoding of URL encoded external URL using > > RedirectToUrlException > > > > Actually - I spoke too soon :) > > > > When I use SC_SEE_OTHER inside an AJAX invoked form submit method it > > works fine if the URL is for the same hostname but when it points to a > > different hostname (external link) the browser refuses to redirect, > > giving a CORS error. > > > > I could configure CORS on the external server but this is a redirect > so > > I am wondering why is CORS an issue? > > > > Maybe the browsers treats all XMLHttpRequestS as resource accesses to > > display in the current page even if they are not actually requesting a > > resource to be displayed in the current page but invoking redirect to > a > > completely new page? > > > > The redirect 302 doesn't have this problem but then I'm back to the > > undesirable premature decoding of the query parameters. > > > > It seems like the browser understands that 302 is a proper redirect > (not > > a resource fetch for the current page) and so does not raise a CORS > > error. > > > > That got me thinking that may I could use SC_TEMPORARY_REDIRECT > instead > > but that results in a: > > > > java.lang.IllegalStateException: Status must be either 301, 302 or > 303, > > but was: 307 > > > > > > > -----Original Message----- > > > From: Chris Colman [mailto:chr...@stepaheadsoftware.com] > > > Sent: Wednesday, 27 February 2019 9:06 PM > > > To: users@wicket.apache.org > > > Subject: RE: Undesirable decoding of URL encoded external URL using > > > RedirectToUrlException > > > > > > That works brilliantly! > > > > > > Thanks Martin > > > > > > > -----Original Message----- > > > > From: Martin Grigorov [mailto:mgrigo...@apache.org] > > > > Sent: Tuesday, 26 February 2019 10:46 PM > > > > To: users@wicket.apache.org > > > > Subject: Re: Undesirable decoding of URL encoded external URL > using > > > > RedirectToUrlException > > > > > > > > Hi, > > > > > > > > It seems you use RedirectToUrlException(String) constructor which > > > > internally uses > statusCode=HttpServletResponse.SC_MOVED_TEMPORARILY. > > > > If you use RedirectToUrlException(yourUrl, > > > > HttpServletResponse.SC_SEE_OTHER) then Wicket will not do its > extra > > > logic > > > > in > > > > > > > > > > org.apache.wicket.protocol.http.servlet.ServletWebResponse#encodeRedirec > > > tU > > > > RL() > > > > and all should be fine. > > > > > > > > On Mon, Feb 25, 2019 at 8:13 PM Chris Colman > > > > <chr...@stepaheadsoftware.com> > > > > wrote: > > > > > > > > > I am using: > > > > > > > > > > > > > > > > > > > > throw new RedirectUrlException(externalUrl); > > > > > > > > > > > > > > > > > > > > to redirect to an external URL (i.e. > > > > > https://hostname/path?param1=value1¶m2=value2 etc.,) > > > > > > > > > > > > > > > > > > > > In constructing the URL I have used java.net.URLEncoder.encode() > > to > > > > > individual encode the values in each of the query parameters. > > > > > > > > > > > > > > > > > > > > The browser shows the redirected URL with the query parameters > > being > > > > > 'decoded' not encoded. > > > > > > > > > > > > > > > > > > > > I stepped through in the debugger and saw that Wicket's > > > > > org.apache.wicket.util.encoding.UrlDecoder is being used to > decode > > > the > > > > > URL while processing the redirect. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I worked around problem by using the native Servlet API > redirect: > > > > > > > > > > > > > > > > > > > > HttpServletResponse response = > > > > > > > > > > > (HttpServletResponse)getRequestCycle().getResponse().getContainerRespons > > > > > e(); > > > > > > > > > > try > > > > > > > > > > { > > > > > > > > > > response.sendRedirect(url); > > > > > > > > > > } > > > > > > > > > > catch(IOException ioe) > > > > > > > > > > { > > > > > > > > > > logger.error("Error while attempting to > > > redirect > > > > > to: " + url); > > > > > > > > > > } > > > > > > > > > > > > > > > > > > > > However, is there a 'Wicket' way of redirecting to an external > URL > > > > > without causing the undesired decoding? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Note: Using Wicket 6.x > > > > > > > > > > > > > > > > > > > > Regards, > > > > > > > > > > Chris > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > > > For additional commands, e-mail: users-h...@wicket.apache.org > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > > For additional commands, e-mail: users-h...@wicket.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >