Details
-
Bug
-
Resolution: Done
-
Major
-
1.4.23.Final, 2.0.1.Final
-
None
Description
HttpServletResponseImpl#sendRedirect checks for absolute urls by recognizing string "://".
The schema part of URLs ends with colon, not colon double slash. This is not an issue for http(s) protocol URLs but for redirect URLs for native mobile apps.
Defining redirect URLs for OAuth as defined in
https://tools.ietf.org/html/rfc8252#section-7.1
will result in relative URL redirects.
Attachments
Issue Links
- causes
-
JBEAP-16826 [GSS](7.2.z) UNDERTOW-1567 - Redirect to absolute URL with special characters broken
- Verified
-
UNDERTOW-1567 Redirect to absolute URL with special characters broken
- Resolved