tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: [PATCH] forward instead of redirect for welcome files
Date Tue, 07 Jan 2003 11:39:19 GMT
Matt Parker wrote:
> If you want to mirror what Apache HTTPD does:
> No slash present --> append slash (only!) and redirect
> Slash present --> internally forward to welcome-file page
> Well, here's the rub:
> - The new servlet spec clearly states that either /foo or /foo/ should
> return a welcome-file (if specified)

Well, this is broken behavior. If no slash, then a redirect will be sent 
back to the client, otherwise, relative paths are not resolved 
correctly, with no way for the app writer to anticipate it.

> - Apache also has the problem with a relative link on a welcome file
> which has a directory specified in it
> However, I think that the patch benefits still outweigh its drawbacks:
> - it satisfies the new servlet spec
> - it circumvents the need for special processing and configuration when
> placed behind a proxy server (a farely common production practice).
> - it inherits a problem, but the problem is probably rare in practice,
> and will already have been avoided by Apache users since it's the same.
> i.e. i've never had a burning need to specify a welcome file or
> directory index that has a subdirectory in it _and_ has a relative link,
> so i can only guess that others either don't or already know to avoid
> it.
> What do y'all think?
> I vote +1 :)

I'll vote the opposite ;-)
People are used to the bahavior in 4.1. In 5.0, I plan to add the option 
for internal forwards in the new mapper I'll write.

Note that internal forwards were used in early 4.0 releases, but went 
away as it got reported as a security issue (the security checks apply 
to the original URI, not the served welcome file).


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message