tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Relative redirect with sendRedirect(...)
Date Wed, 19 Nov 2008 12:20:30 GMT
Stig Kleppe-Jørgensen wrote:
>>> If not, why doesn't a HttpServletResponse.sendRedirect("../../go/here")
>>> work? As far as I can read from the servlet spec, the servlet engine
>>> _must_
>>> resolve relative redirects before sending the redirect back to the
>>> browser.
>>> But as far as I can tell, Tomcat does not do this. And furthermore, the
>>> watchdog tests does not have a test for this.
> 
>> Where were you when you issued the redirect?
> 
> I stand in this url:
> 
> http://<host>/<servletpath>/ication/test/fr/ca
> 
> and want to go to this url:
> 
> http://<host>/<servletpath>/ibs/name/test.jar
> 
> When calling 
> 
> httpresponse.sendRedirect("../../../../ibs/name/test.jar")
> 
> Tomcat generates this url:
> 
> http://<host>/<servletpath>/ication/test/fr/ca/../../../../ibs/name/test.jar

Which is perfectly legal. The spec says the URL must be fully qualified /
absolute. It does not say it has to be normalised.

> The same worked in Jetty.

Which is also perfectly legal and spec compliant.

Mark




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message