[
https://issues.apache.org/jira/browse/CXF-8752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yves Piel updated CXF-8752:
---------------------------
Description:
Currently, redirections are limited to 'verbs with no content':
* [List of verbs with no
content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202]
* [Limitation for
redirections|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L1432]
In HTTP/1.1 specification it is written that automatic redirection need to be
done with care for methods not know to be safe:
!image-2022-08-18-10-57-24-093.png|width=477,height=122!
The safe methods are GET, HEAD, OPTIONS, and TRACE, those listed in [list of
verbs with no
content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202]
.
!image-2022-08-18-10-57-00-592.png|width=394,height=302!
Although the specification tells to do redirection of not safe method with
care, it doesn't forbid it. Currently, it is not possible to do redirection of
a POST method with CXF.
Maybe it could be acceptable to configure the list of redirected verbs ?
was:
Currently, redirections are limited to 'verbs with no content':
* [List of verbs with no
content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202]
* [Limitation for
redirections|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L1432]
In HTTP/1.1 specification it is written that automatic redirection need to be
done with care for methods not know to be safe:
!image-2022-08-18-10-57-24-093.png|width=477,height=122!
The safe methods are GET, HEAD, OPTIONS, and TRACE, those listed in[List of
verbs with no
content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202]
.
!image-2022-08-18-10-57-00-592.png|width=394,height=302!
Although the specification tells to do redirection of not safe method with
care, it doesn't forbid it. Currently, it is not possible to do redirection of
a POST method with CXF.
Maybe it could be acceptable to configure the list of redirected verbs ?
> Configurable list of redirectable verbs
> ---------------------------------------
>
> Key: CXF-8752
> URL: https://issues.apache.org/jira/browse/CXF-8752
> Project: CXF
> Issue Type: New Feature
> Reporter: Yves Piel
> Priority: Major
> Attachments: image-2022-08-18-10-57-00-592.png,
> image-2022-08-18-10-57-24-093.png
>
>
> Currently, redirections are limited to 'verbs with no content':
> * [List of verbs with no
> content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202]
> * [Limitation for
> redirections|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L1432]
> In HTTP/1.1 specification it is written that automatic redirection need to be
> done with care for methods not know to be safe:
> !image-2022-08-18-10-57-24-093.png|width=477,height=122!
> The safe methods are GET, HEAD, OPTIONS, and TRACE, those listed in [list of
> verbs with no
> content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202]
> .
> !image-2022-08-18-10-57-00-592.png|width=394,height=302!
> Although the specification tells to do redirection of not safe method with
> care, it doesn't forbid it. Currently, it is not possible to do redirection
> of a POST method with CXF.
>
> Maybe it could be acceptable to configure the list of redirected verbs ?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
