Matt Parker wrote:
Well, this is broken behavior. If no slash, then a redirect will be sent back to the client, otherwise, relative paths are not resolved correctly, with no way for the app writer to anticipate it.If you want to mirror what Apache HTTPD does:No slash present --> append slash (only!) and redirect Slash present --> internally forward to welcome-file page Well, here's the rub: - The new servlet spec clearly states that either /foo or /foo/ should return a welcome-file (if specified)
I'll vote the opposite ;-)- Apache also has the problem with a relative link on a welcome file which has a directory specified in it However, I think that the patch benefits still outweigh its drawbacks: - it satisfies the new servlet spec - it circumvents the need for special processing and configuration when placed behind a proxy server (a farely common production practice). - it inherits a problem, but the problem is probably rare in practice, and will already have been avoided by Apache users since it's the same. i.e. i've never had a burning need to specify a welcome file or directory index that has a subdirectory in it _and_ has a relative link, so i can only guess that others either don't or already know to avoid it. What do y'all think? I vote +1 :)
People are used to the bahavior in 4.1. In 5.0, I plan to add the option for internal forwards in the new mapper I'll write.
Note that internal forwards were used in early 4.0 releases, but went away as it got reported as a security issue (the security checks apply to the original URI, not the served welcome file).
Remy
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
