| Anonymous | Login | Signup for a new account | 12-13-2025 02:23 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0000157 | [Resin] | minor | always | 05-11-05 00:00 | 11-30-05 14:44 | ||||
| Reporter | user142 | View Status | public | ||||||
| Assigned To | |||||||||
| Priority | normal | Resolution | fixed | Platform | |||||
| Status | closed | OS | |||||||
| Projection | none | OS Version | |||||||
| ETA | none | Fixed in Version | 3.0.14 | Product Version | |||||
| Product Build | |||||||||
| Summary | 0000157: <security-constraint> fails when url has query string | ||||||||
| Description |
RSN-155 With the following config settings: <host host-name="www.hogwarts.com" secure-host-name="secure.hogwarts.com"> ... </host> <web-app-default> <security-constraint> <web-resource-collection> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint transport-guarantee="CONFIDENTIAL"/> </security-constraint> </web-app-default> Intended to force all users into HTTPS mode, the automatic redirect fails if the URL has a query string on it. In this scenario, navigating to "http://www.hogwarts.com?test=foobar" [^] sends you to "https://secure.hogwarts.comtest=foobar". [^] This results in a 404 NOT FOUND since the question mark has been stripped. |
||||||||
| Steps To Reproduce | |||||||||
| Additional Information | Win XP, Win2k | ||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0000186) user142 05-11-05 00:00 |
--- TransportConstraint.java.orig Sat Mar 5 12:17:00 2005 +++ TransportConstraint.java Wed May 11 15:03:32 2005 @@ -90,7 +90,7 @@ if (request.getPathInfo() != null) url += request.getPathInfo(); if (request.getQueryString() != null) - url += request.getQueryString(); + url += "?" + request.getQueryString(); response.sendRedirect(url); return false; |
|
(0000187) ferg 05-11-05 00:00 |
server/12h0 |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 05-11-05 00:00 | user142 | New Issue | |
| 11-30-05 00:00 | administrator | Fixed in Version | => 3.0.14 |
| 11-30-05 14:44 | ferg | Status | resolved => closed |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
36 total queries executed. 28 unique queries executed. |  |
