cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 27802] - EncodeURLTransformer encodes off site links
Date Mon, 29 Mar 2004 12:05:31 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=27802>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=27802

EncodeURLTransformer encodes off site links





------- Additional Comments From m_rolappe@web.de  2004-03-29 12:05 -------
I really doubt the usefulness of adding that complexity (e.g. with URL
include/exclude patterns you have to manually encode, i.e. check whether
encoding applies, append the session id, ..., since in the case of tomcat it
won't be done by the container when calling encodeURL()).

for your proxy use case I assume that the whole webapp is accessed proxied (e.g.
www.foo.org:80 -> somewhere.foo.org:8080). there's no problem then to tell the
connector that it is proxied so that it returns the right server name and port
to the container for checking whether to apply URL encoding.

nothing prevents you from getting the session id and manually encoding it in
special cases.

and in the end it's not about 'offsite links' but links not within the same web
application/servlet context (cause in the end it's about tracking sessions). is
it really that common to have a *single* webapp be reachable via
www.split.it:80, up.to:8080 and the.max.net:413 ?

Mime
View raw message