cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Wallez <>
Subject Re: [Bug?] absolute redirection in flow appears not to be proxy safe
Date Sun, 04 Jan 2004 09:10:53 GMT
Stefano Mazzocchi wrote:

> I came across a very weird problem today. I had two cocoon 
> applications that were once running in different JVM instances, both 
> mapped to / and I moved them into a single Jetty instance mapped on /A 
> and /B (for simplicity).
> Then I modified the ProxyPass settings and used the jetty web.xml 
> trick to change the cookie path.

What's this "web.xml trick"?

> Now, the interesting thing was that while /A performed just like 
> before, /B had a wierd problem: "redirects" were absolute to the 
> "webapp server", not to the "web server".
> Both apps had the same exact version of cocoon (compiled this morning).
> After careful examination and extensive protocol dump, I was able to 
> understand that while /A used
>  cocoon.redirectTo(../../index);
> /B used
>  cocoon.redirectTo(/index);
> and both turn up to the in the same position, but while the first 
> actually works (the redirect is "remapped" to the original Proxy URL, 
> not to the appserver one which is obviously firewalled), the second 
> doesn't do remapping and the web application fails because it tries to 
> connect to the webapp directly
> [actually it's even worse, because it tries to connect to the 
> ProxyPass setting, which are http://localhost:8000/ in my case, so it 
> tries to connect to *your* machine!]
> The interesting thing is that this worked perfectly in the past, when 
> both were mapped to /, but I can't tell what broke since I moved them 
> *and* change the version of cocoon at the same time.
> Did anybody experience a similar behavior?

The explanation is in the servlet spec for 
HttpServletResponse.sendRedirect: "If the location is relative with a 
leading '/' the container interprets it as relative to the servlet 
container root."

Absolute paths don't redirect to the _webapp_ root, but the _servlet 
container_ root. This means that redirectTo("/index") produces a 
"http://localhost:8000/index" and not a "http://localhost:8000/B/index".

Since the redirect location doesn't start with the ProxyPassReverse URL 
prefix, the httpd server sends that location verbatim to the browser.

Et voilĂ : redirecting to the webapp root cannot be done with an absolute 


Sylvain Wallez                                  Anyware Technologies 
{ XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }
Orixo, the opensource XML business alliance  -

View raw message