[MAGNOLIA-3716] VirtualUriFilter does not encode redirect Uri Created: 27/May/11  Updated: 04/Oct/13  Resolved: 18/Aug/11

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 4.3.8
Fix Version/s: 4.4.5

Type: Bug Priority: Major
Reporter: Thomas Kalmar Assignee: Daniel Lipp
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
causality
is causing MAGNOLIA-3841 Mime type resolution fails when runni... Closed
is causing MAGNOLIA-3784 fix broken MostBasicTest#loginOnAutho... Closed
Template:
Patch included:
Yes
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

The VirtualUriFilter does an redirect via:

response.sendRedirect(redirectUrl);

on line 81. This is bad if used without cookies because the jsessionid is lost in some cases

the better solution would be

response.sendRedirect(response.encodeRedirectURL(redirectUrl));



 Comments   
Comment by Magnolia International [ 07/Jun/11 ]

Hey Thomas, thanks for the report! Trying to include this in the next bugfix release.

Comment by Jan Haderka [ 16/Aug/11 ]

according to the spec encodeRedirect should only encode session id in the request ... so the fake test is testing (and faking) wrong thing

Comment by Daniel Lipp [ 18/Aug/11 ]

Spec is actually not clear about what gets encoded. Anyway - as we don't want to test the encoding here, I now use realistic value (gained from integration-tests running with Jetty)

Generated at Mon Feb 12 03:49:00 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.