Jonathan Yan created HTTPCLIENT-2372:
----------------------------------------
Summary: Redirection to same target with sensitive headers is not
followed
Key: HTTPCLIENT-2372
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2372
Project: HttpComponents HttpClient
Issue Type: Bug
Affects Versions: 5.5
Reporter: Jonathan Yan
Attachments: Issue.java
When redirecting to the same target, e.g., [https://news.google.com/] gets
redirected to [https://news.google.com/home?hl=en-GB&gl=GB&ceid=GB:en], even if
there is some sensitive header, the {{HttpClient}} should still automatically
follow the redirect (when it is enabled).
The issue seems to be that in
{{{}DefaultRedirectStrategy.isRedirectAllowed(...){}}}, the {{currentTarget}}
(https://news.google.com:443) has an explicit port while the {{newTarget}}
(https://news.google.com) doesn't and are considered not matching.
The issue can be reproduced with the attached file using
{{{}org.apache.httpcomponents.client5:httpclient5:5.5{}}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
