hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Handling of redirects in HttpClient
Date Wed, 07 Aug 2013 07:49:58 GMT
On Wed, 2013-08-07 at 09:41 +0200, Philippe Mouawad wrote:
> Hello Oleg,
> Sorry it's not clear.
> Using Httpclient, we call this jsp which ad you can see does a redirection
> with unsafz characters in url, redirection fails with the mentionned
> exception.
> This is due to the way hc4 impl builds a Uri from it not checking for
> unsafe characters.
> 

The redirect sent by the origin server is meant to contain a well formed
location URI. The redirect URI is not meant to contain invalid
characters in the first place. It is not a job of a HTTP agent to guess
as to what a particular location is supposed to mean. 

> my question is , is this fine or not ?
> 

Garbage in, garbage out. I personally think it is perfectly reasonable
to reject such redirects. One can, however, override the default
behavior of HttpClient by using a custom RedirectStrategy
implementation.

Oleg
 

> Thanks
> Regards
> Philippe
> On Wednesday, August 7, 2013, Oleg Kalnichevski wrote:
> 
> > On Tue, 2013-08-06 at 22:58 +0200, Philippe Mouawad wrote:
> > > Hello,
> > >
> > > We have an issue with redirection handling in HttpClient 4.2.5
> > > We have a JSP that contains the following code:
> > >
> > > <%@ page session="false"  contentType="text/html"  buffer="8kb" %>
> > > <html>
> > > <body>
> > >
> > > <%
> > > response.sendRedirect("http://localhost:8080/?[]!@#$%^&*()");
> > > %>
> > >
> > > </body>
> > > </html>
> > >
> > >
> > > As you can see it contains unsafe characters.
> > >
> > > It fails with:
> > > Caused by: org.apache.http.ProtocolException: Invalid redirect URI:
> > > http://localhost:8080/?[]!@#$%^&*()
> > >     at
> > >
> > org.apache.http.impl.client.DefaultRedirectStrategy.createLocationURI(DefaultRedirectStrategy.java:197)
> > >     at
> > >
> > org.apache.http.impl.client.DefaultRedirectStrategy.getLocationURI(DefaultRedirectStrategy.java:148)
> > >     at
> > >
> > org.apache.http.impl.client.DefaultRedirectStrategy.getRedirect(DefaultRedirectStrategy.java:217)
> > >     at
> > >
> > org.apache.http.impl.client.DefaultRequestDirector.handleResponse(DefaultRequestDirector.java:1105)
> > >     at
> > >
> > org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:548)
> > >     at
> > >
> > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> > >     ... 9 more
> > > Caused by: java.net.URISyntaxException: Malformed escape pair at index
> > 29:
> > > http://localhost:8080/?[]!@#$%^&*()
> > >     at java.net.URI$Parser.fail(URI.java:2810)
> > >     at java.net.URI$Parser.scanEscape(URI.java:2940)
> > >     at java.net.URI$Parser.scan(URI.java:2963)
> > >     at java.net.URI$Parser.checkChars(URI.java:2981)
> > >     at java.net.URI$Parser.parse(URI.java:3029)
> > >     at java.net.URI.<init>(URI.java:577)
> > >     at
> > >
> > org.apache.http.impl.client.DefaultRedirectStrategy.createLocationURI(DefaultRedirectStrategy.java:195)
> > >     ... 14 more
> > >
> > > It succeeds with Java Implementation.
> > >
> >
> > Philippe,
> >
> > I am not sure I understand your question (if it is a question).
> >
> > Oleg
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org<javascript:;>
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org<javascript:;>
> >
> >
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message