Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 17D8F1836D for ; Thu, 28 Jan 2016 04:30:42 +0000 (UTC) Received: (qmail 52292 invoked by uid 500); 28 Jan 2016 04:30:40 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 52087 invoked by uid 500); 28 Jan 2016 04:30:40 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 52069 invoked by uid 99); 28 Jan 2016 04:30:39 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Jan 2016 04:30:39 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id C91A62C1F57 for ; Thu, 28 Jan 2016 04:30:39 +0000 (UTC) Date: Thu, 28 Jan 2016 04:30:39 +0000 (UTC) From: "Dariusz Kordonski (JIRA)" To: dev@hc.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Created] (HTTPCLIENT-1716) DefaultRedirectStrategy seems to disregard HTTP spec for PUT/POST/DELETE request redirects MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 Dariusz Kordonski created HTTPCLIENT-1716: --------------------------------------------- Summary: DefaultRedirectStrategy seems to disregard HTTP spec for PUT/POST/DELETE request redirects Key: HTTPCLIENT-1716 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1716 Project: HttpComponents HttpClient Issue Type: Bug Components: HttpClient Affects Versions: 5.0 Alpha1 Reporter: Dariusz Kordonski Observed on {{trunk}} branch that has 5.0-alpha2-SNAPSHOT mvn version. The docs for {{DefaultRedirectStrategy}} correctly state: {quote} his strategy honors the restrictions on automatic redirection of entity enclosing methods such as POST and PUT imposed by the HTTP specification. {@code 302 Moved Temporarily}, {@code 301 Moved Permanently} and {@code 307 Temporary Redirect} status codes will result in an automatic redirect of HEAD and GET methods only. POST and PUT methods will not be automatically redirected as requiring user confirmation. {quote} (NB: in fact to be more precise I think DELETE requests should also be **not** automatically redirected) However the actual implementation does not seem to follow this, whereby {{isRedirected}} pretty much lets all requests through: {code} switch (statusCode) { case HttpStatus.SC_MOVED_PERMANENTLY: case HttpStatus.SC_MOVED_TEMPORARILY: case HttpStatus.SC_SEE_OTHER: case HttpStatus.SC_TEMPORARY_REDIRECT: return true; default: return false; } {code} A simple failing test case that confirms the problem for a PUT request resulting with 302 (PUT should only be redirected automatically for 303): {code} @Test public void testIsRedirectedForTemporaryRedirectPut() throws Exception { final DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1, HttpStatus.SC_TEMPORARY_REDIRECT, "Temporary Redirect"); response.addHeader("Location", "http://localhost/stuff"); final HttpContext context = new BasicHttpContext(); assertFalse(redirectStrategy.isRedirected(new HttpPut("http://localhost/"), response, context)); } {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org