[MAGNOLIA-9263] Redirect URL being wrongly encoded Created: 24/Jan/24  Updated: 07/Feb/24

Status: In Progress
Project: Magnolia
Component/s: None
Affects Version/s: 6.2.42
Fix Version/s: 6.3.0, 6.2.43

Type: Bug Priority: Neutral
Reporter: Richard Gange Assignee: Jaroslav Simak
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
is cloned by MGNLCACHE-364 CLONE - Redirect URL being wrongly en... Open
relation
is related to MAGNOLIA-8821 VirtualURI mapping to URL with non as... Closed
is related to MGNLCACHE-348 VirtualURI mapping to URL with non as... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Testcase included:
Yes
Release notes required:
Yes
Date of First Response:
Epic Link: Support
Team: DeveloperX
Work Started:

 Description   

What seems to be another corner case of MAGNOLIA-8821 we have an issue where if a redirect URL is used after a login the protocol portion of the URL is being wrongly encoded. It's because redirection scheme does not take into account absolute urls.

Basically "http://" is changed to "http%3A//" where the colon is being encoded.

Reproduce

  • magnolia.utf8.enabled=true
  • One option is to configure the CAS module (version 1.3.2) by setting parameters: casLoginURL, casLogoutURL, casServiceURL, casTicketRequestParameter,casValidateURL.

Expected
Should be redirected and the url should be correctly compressed.

Actual
Magnolia fails to redirect after several attempts due to wrong compression of the redirect url ("https%3A//.....")

Workaround
Bypass the GZipFilter to ignore compressing the redirect url.



 Comments   
Comment by Rishab Dhar [ 30/Jan/24 ]

There are two PRs - this and that already crafted for fixing this issue.

The issue arises because MAGNOLIA-8821 only took into account relative urls.

The tests cover the range of the full scheme of absolute url now.

The regex used for testing is here.

Generated at Mon Feb 12 04:40:06 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.