tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Parker <mp...@voyanttech.com>
Subject Re: [PATCH] forward instead of redirect for welcome files
Date Tue, 07 Jan 2003 16:25:38 GMT
On Tue, 2003-01-07 at 04:39, Remy Maucherat wrote:
> Matt Parker wrote:
> > If you want to mirror what Apache HTTPD does:
> > 
> > No slash present --> append slash (only!) and redirect
> > Slash present --> internally forward to welcome-file page
> > 
> > 
> > Well, here's the rub:
> > 
> > - The new servlet spec clearly states that either /foo or /foo/ should
> > return a welcome-file (if specified)
> 
> Well, this is broken behavior. If no slash, then a redirect will be sent 
> back to the client, otherwise, relative paths are not resolved 
> correctly, with no way for the app writer to anticipate it.
> 

That's true. Although I think it would still satisfy the spec to
redirect /foo to /foo/index.html, but would a redirect from /foo to
/foo/, and then forward to /foo/index.html still satisfy it? Maybe I'm
being too pedantic. The actual text reads:

"A request URI of /foo or /foo/ will be returned as /foo/index.html"

> > 
> > What do y'all think?
> > 
> > I vote +1 :)
> 
> I'll vote the opposite ;-)
> People are used to the bahavior in 4.1. In 5.0, I plan to add the option 
> for internal forwards in the new mapper I'll write.
> 
> Note that internal forwards were used in early 4.0 releases, but went 
> away as it got reported as a security issue (the security checks apply 
> to the original URI, not the served welcome file).
> 
> Remy
> 

I hear ya. Didn't mean to be cute. Could the security check be applied
after the welcome file was resolved? Or is that going to be done in your
mapper?

Matt



--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message