|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 157 | minor | always | 05-11-05 00:00 | 11-30-05 14:44 | |
|
|
|||||
| Reporter: | user142 | Platform: | |||
| Assigned To: | OS: | ||||
| Priority: | normal | OS Version: | |||
| Status: | closed | Product Version: | |||
| Product Build: | Resolution: | fixed | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | 3.0.14 | ||
|
|
|||||
| Summary: | 0000157: <security-constraint> fails when url has query string | ||||
| Description: |
RSN-155 With the following config settings: <host host-name="www.hogwarts.com" secure-host-name="secure.hogwarts.com"> ... </host> <web-app-default> <security-constraint> <web-resource-collection> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint transport-guarantee="CONFIDENTIAL"/> </security-constraint> </web-app-default> Intended to force all users into HTTPS mode, the automatic redirect fails if the URL has a query string on it. In this scenario, navigating to "http://www.hogwarts.com?test=foobar" [^] sends you to "https://secure.hogwarts.comtest=foobar". [^] This results in a 404 NOT FOUND since the question mark has been stripped. |
||||
| Steps To Reproduce: | |||||
| Additional Information: | Win XP, Win2k | ||||
| Relationships | |||||
| Attached Files: | |||||
| Notes | |||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||