Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.0.2.Final, 1.4.24.Final
Affects Version/s: 1.4.23.Final, 2.0.1.Final
Component/s: Servlet
Labels:
None

Git Pull Request:
https://github.com/undertow-io/undertow/pull/619

HttpServletResponseImpl#sendRedirect checks for absolute urls by recognizing string "://".

The schema part of URLs ends with colon, not colon double slash. This is not an issue for http(s) protocol URLs but for redirect URLs for native mobile apps.

Defining redirect URLs for OAuth as defined in
https://tools.ietf.org/html/rfc8252#section-7.1
will result in relative URL redirects.

causes

UNDERTOW-1567 Redirect to absolute URL with special characters broken

Resolved

JBEAP-16826 [GSS](7.2.z) UNDERTOW-1567 - Redirect to absolute URL with special characters broken

Closed

is triggering

UNDERTOW-2383 Canonicalized query string in redirect location can break included links

Resolved

JBEAP-27014 [GSS](7.4.z) UNDERTOW-2383 - Canonicalized query string in redirect location can break included links

Closed

JBEAP-27015 [GSS](8.0.z) UNDERTOW-2383 - Canonicalized query string in redirect location can break included links

Closed

Assignee:: Stuart Douglas (Inactive)

Reporter:: André Schäfer (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2018/03/14 10:40 AM

Updated:: 2024/04/26 7:13 PM

Resolved:: 2018/03/14 2:53 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates