commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Potential Bug In Circular Redirect
Date Fri, 17 Feb 2006 14:42:17 GMT
Ryan Smith wrote:
> Oleg,
> 
> Thanks for the reply.
> Ok, the behavior can be correct, i understand you have a flag to disable 
> circular redirects,
> but this still seems inappropriate.  Becasue i still want to guard 
> against genuine circular redirects from these false circular redirects,
> and since all browsers support this functionality, i think it would be 
> nice if HttpClient could offer support for "Browser HTTP Protocol"
> like you can set a Param to "act.like.a.browser"  which will 302 
> redirect when the uri is same but query string is different and 
> basically operate as a forgiving http protocol if you so choose.
> Just an idea since the http protocol and the way all popular browsers 
> implement it are much different.
> 

The trouble is that so called popular browsers do it rather badly. They 
tend to accept any garbage some badly written CGI scripts spit out at 
them instead of rejecting malformed HTTP messages as invalid thus giving 
the developers of those sites some incentive to do their job properly. 
We usually provide a lenient mode in those cases where the wording of 
the HTTP spec is vague or ambiguous, but we have no intension to work 
around some pretty gross violations of the HTTP spec that common 
browsers tend to forgive. After all, HttpClient is not a browser, nor a 
vacuum cleaner, it is what it is, an HTTP library.

Hope this explains our position

Oleg


> Thanks
> 
> Oleg Kalnichevski wrote:
>> On Thu, 2006-02-16 at 17:24 -0500, Ryan Smith wrote:
>> ...
>>  
>>>>
>>>>      
>>> I am using 3.0 RELEASE
>>> But i checked out the latest snap shot code, and the logic in 
>>> HttpMethodDirector.java only checks for the URI, not URI + Query string.
>>>
>>>    
>>
>> Ryan,
>>
>> I think this behavior is correct. It was implemented per this bug
>> report:
>>
>> http://issues.apache.org/bugzilla/show_bug.cgi?id=33021
>>
>> Set 'http.protocol.allow-circular-redirects' parameter to true to
>> disable the check
>>
>> Oleg
>>
>>  
>>> Below, plerase see my MANIFEST.MF that came with my httpclient.jar :
>>>
>>> Manifest-Version: 1.0
>>> Ant-Version: Apache Ant 1.5.3
>>> Created-By: Apache Maven
>>> Built-By: Michael
>>> Package: org.apache.commons.httpclient
>>> Build-Jdk: 1.3.1_17
>>> Extension-Name: commons-httpclient
>>> Specification-Title: Jakarta Commons HttpClient
>>> Specification-Vendor: Apache Software Foundation
>>> Implementation-Title: org.apache.commons.httpclient
>>> Implementation-Vendor: Apache Software Foundation
>>> Implementation-Version: 3.0
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>>>
>>>
>>>    
>>
>>  
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message