Return-Path: Delivered-To: apmail-cocoon-dev-archive@www.apache.org Received: (qmail 82293 invoked from network); 29 Mar 2004 12:04:59 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 29 Mar 2004 12:04:59 -0000 Received: (qmail 60121 invoked by uid 500); 29 Mar 2004 12:04:55 -0000 Delivered-To: apmail-cocoon-dev-archive@cocoon.apache.org Received: (qmail 60035 invoked by uid 500); 29 Mar 2004 12:04:54 -0000 Mailing-List: contact dev-help@cocoon.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: dev@cocoon.apache.org Delivered-To: mailing list dev@cocoon.apache.org Received: (qmail 60022 invoked from network); 29 Mar 2004 12:04:54 -0000 Received: from unknown (HELO exchange.sun.com) (192.18.33.10) by daedalus.apache.org with SMTP; 29 Mar 2004 12:04:54 -0000 Received: (qmail 20220 invoked by uid 50); 29 Mar 2004 12:05:31 -0000 Date: 29 Mar 2004 12:05:31 -0000 Message-ID: <20040329120531.20219.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: dev@cocoon.apache.org Cc: Subject: DO NOT REPLY [Bug 27802] - EncodeURLTransformer encodes off site links X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=27802 EncodeURLTransformer encodes off site links ------- Additional Comments From m_rolappe@web.de 2004-03-29 12:05 ------- I really doubt the usefulness of adding that complexity (e.g. with URL include/exclude patterns you have to manually encode, i.e. check whether encoding applies, append the session id, ..., since in the case of tomcat it won't be done by the container when calling encodeURL()). for your proxy use case I assume that the whole webapp is accessed proxied (e.g. www.foo.org:80 -> somewhere.foo.org:8080). there's no problem then to tell the connector that it is proxied so that it returns the right server name and port to the container for checking whether to apply URL encoding. nothing prevents you from getting the session id and manually encoding it in special cases. and in the end it's not about 'offsite links' but links not within the same web application/servlet context (cause in the end it's about tracking sessions). is it really that common to have a *single* webapp be reachable via www.split.it:80, up.to:8080 and the.max.net:413 ?