Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.0.2.Final, 1.4.24.Final
Affects Version/s: 1.4.23.Final, 2.0.1.Final
Component/s: Servlet
Labels:
None

Git Pull Request:
https://github.com/undertow-io/undertow/pull/619

Description

HttpServletResponseImpl#sendRedirect checks for absolute urls by recognizing string "://".

The schema part of URLs ends with colon, not colon double slash. This is not an issue for http(s) protocol URLs but for redirect URLs for native mobile apps.

Defining redirect URLs for OAuth as defined in
https://tools.ietf.org/html/rfc8252#section-7.1
will result in relative URL redirects.

Attachments

Issue Links

causes

JBEAP-16826 [GSS](7.2.z) UNDERTOW-1567 - Redirect to absolute URL with special characters broken

Verified

UNDERTOW-1567 Redirect to absolute URL with special characters broken

Resolved

is triggering

JBEAP-27014 [GSS](7.4.z) UNDERTOW-2383 - Canonicalized query string in redirect location can break included links

Open

JBEAP-27015 [GSS](8.0.z) UNDERTOW-2383 - Canonicalized query string in redirect location can break included links

Pull Request Sent

UNDERTOW-2383 Canonicalized query string in redirect location can break included links

Pull Request Sent

Activity

People

Assignee:: Stuart Douglas

Reporter:: André Schäfer (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2018/03/14 10:40 AM

Updated:: 2024/04/26 7:13 PM

Resolved:: 2018/03/14 2:53 PM