cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Wallez <sylv...@apache.org>
Subject Re: [Bug?] absolute redirection in flow appears not to be proxy safe
Date Sun, 04 Jan 2004 16:03:59 GMT
Stefano Mazzocchi wrote:

>
> On 4 Jan 2004, at 10:10, Sylvain Wallez wrote:


<snip/>

>> The explanation is in the servlet spec for 
>> HttpServletResponse.sendRedirect: "If the location is relative with a 
>> leading '/' the container interprets it as relative to the servlet 
>> container root."
>>
>> Absolute paths don't redirect to the _webapp_ root, but the _servlet 
>> container_ root. This means that redirectTo("/index") produces a 
>> "http://localhost:8000/index" and not a "http://localhost:8000/B/index".
>>
>> Since the redirect location doesn't start with the ProxyPassReverse 
>> URL prefix, the httpd server sends that location verbatim to the 
>> browser.
>>
>> Et voilĂ : redirecting to the webapp root cannot be done with an 
>> absolute path.
>
>
> This does not explain why redirect('/') worked before when /A was 
> mount to / instead of /A. Or I'm missing something.


I assume your original httpd.conf was something like:
  ProxyPass /myApp http://localhost:8000/
  ProxyPassReverse /myApp http://localhost:8000/

When redirecting to "/index", the "Location" header is set by Jetty to 
"http://locahost:8000/index". As it starts with 
"http://localhost:8000/", mod_proxy translates it to 
"http://www.my.com/myApp/index" and everything is fine.

Now lets mount two apps on Jetty. I assume the httpd.conf looks like:
  ProxyPass /appA http://localhost:8000/A
  ProxyPassReverse /appA http://localhost:8000/A
  ProxyPass /appB http://localhost:8000/B
  ProxyPassReverse /appB http://localhost:8000/B

Calling "http://www.my.com/appB" calls in turn 
"http://localhost:8000/B". When the processing of this request does a 
redirect to "/index", the "Location" header is still 
"http://localhost:8000/index", as per the servlet specification I 
quoted. This header doesn't match the ProxyPassReverse directive, and 
thus mod_proxy leaves it unchanged.

The case of A is different in that the relative redirect goes back to 
the root of the _webapp_, whether it is mounted at the root of the 
servlet engine or not. This means that the "Location" header set by 
Jetty will be "http://localhost:8000/A/index". This header matches the 
ProxyPassReverse directive and therefore mod_proxy translates it to 
"http://www.my.com/appA/index".

When A was mounted on "/" there was no difference between redirecting to 
the servlet container root and redirecting to the webapp root.

Hope it's clearer.

Sylvain

-- 
Sylvain Wallez                                  Anyware Technologies
http://www.apache.org/~sylvain           http://www.anyware-tech.com
{ XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }
Orixo, the opensource XML business alliance  -  http://www.orixo.com



Mime
View raw message