[
https://issues.apache.org/jira/browse/HTTPCLIENT-2372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17956397#comment-17956397
]
ASF subversion and git services commented on HTTPCLIENT-2372:
-------------------------------------------------------------
Commit 5cef6edeb74d3bb458ed7ccbfbebc21838519746 in httpcomponents-client's
branch refs/heads/master from Arturo Bernal
[ https://gitbox.apache.org/repos/asf?p=httpcomponents-client.git;h=5cef6edeb ]
HTTPCLIENT-2372 - Normalize HttpHost port comparison to treat implicit default
ports as equal (#643)
> Redirection to same target with sensitive headers is not followed
> -----------------------------------------------------------------
>
> Key: HTTPCLIENT-2372
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2372
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 5.5
> Reporter: Jonathan Yan
> Priority: Minor
> Fix For: 5.5.1
>
> Attachments: Issue.java
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> When redirecting to the same target, e.g., [https://news.google.com/] gets
> redirected to [https://news.google.com/home?hl=en-GB&gl=GB&ceid=GB:en], even
> if there is some sensitive header, the {{HttpClient}} should still
> automatically follow the redirect (when it is enabled).
> The issue seems to be that in
> {{DefaultRedirectStrategy.isRedirectAllowed(...)}}, the {{currentTarget}}
> (https://news.google.com:443) has an explicit port while the {{newTarget}}
> (https://news.google.com) doesn't, and they are considered not matching.
> The issue can be reproduced with the attached file using
> {{org.apache.httpcomponents.client5:httpclient5:5.5}}.
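The comparison the report describes, as an added example (not HttpClient's code and not the committed fix): a raw port comparison treats `https://news.google.com:443` and `https://news.google.com` as different targets, while resolving an omitted port to the scheme default makes them equal and still keeps a different port or scheme unequal, so sensitive headers are not carried there. The class and method names are hypothetical, only `java.net.URI` is used, and the last two URLs are constructed.

```java
import java.net.URI;
import java.util.Locale;

// Added example: hypothetical names, not HttpClient's DefaultRedirectStrategy.
public class SameTargetCheck {

    // Resolve an omitted port (-1 from java.net.URI) to the scheme default.
    static int effectivePort(String scheme, int port) {
        if (port >= 0) return port;
        switch (scheme) {
            case "http":  return 80;
            case "https": return 443;
            default:      return -1; // unknown scheme: no default assumed
        }
    }

    // Naive check: compares raw ports, so -1 (implicit) never equals 443.
    static boolean sameTargetNaive(URI a, URI b) {
        return a.getScheme().equalsIgnoreCase(b.getScheme())
                && a.getHost().equalsIgnoreCase(b.getHost())
                && a.getPort() == b.getPort();
    }

    // Normalized check: implicit and explicit default ports compare equal,
    // while a different scheme, host or non-default port still does not.
    static boolean sameTargetNormalized(URI a, URI b) {
        String sa = a.getScheme().toLowerCase(Locale.ROOT);
        String sb = b.getScheme().toLowerCase(Locale.ROOT);
        return sa.equals(sb)
                && a.getHost().equalsIgnoreCase(b.getHost())
                && effectivePort(sa, a.getPort()) == effectivePort(sb, b.getPort());
    }

    public static void main(String[] args) {
        // URLs from the report, plus two constructed negative cases.
        URI current = URI.create("https://news.google.com:443/");
        URI redirect = URI.create("https://news.google.com/home?hl=en-GB&gl=GB&ceid=GB:en");
        URI otherPort = URI.create("https://news.google.com:8443/home");   // constructed
        URI downgrade = URI.create("http://news.google.com/home");         // constructed

        System.out.println("naive, same target:      " + sameTargetNaive(current, redirect));
        System.out.println("normalized, same target: " + sameTargetNormalized(current, redirect));
        System.out.println("normalized, port 8443:   " + sameTargetNormalized(current, otherPort));
        System.out.println("normalized, http scheme: " + sameTargetNormalized(current, downgrade));
    }
}
```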