Peter:
To answer your questions
1. The response header when using 8080 to post, I got:
Status Code: 405 Method Not Allowed
Allow: POST
Cache-Control: private
Content-Language: en
Content-Length: 1045
Content-Type: text/html;charset=utf-8
Date: Mon, 23 Jan 2017 18:48:07 GMT
Expires: Wed, 31 Dec 1969 16:00:00 PST
Server: Apache-Coyote/1.1
This agrees to the access log record
When using 8443 for the same POST operation, I got:
Status Code: 201 Created
Content-Length: 277
Content-Type: application/xml
Date: Mon, 23 Jan 2017 18:51:25 GMT
Server: Apache-Coyote/1.1
Which also agrees to the access log record.
For your second question:
I understand the risk and consequence of using redirect for POST, this is just
an alternative for us for a short period of time, we will force all our users
to move the https before we can shut down the 8080 for POST. We are working on
that in the meantime.
Thank you very much,
Bin
-----Original Message-----
The redirect takes place in the client. What kind of client do you use? Could
you send us the response headers from the two setups?
You did not answer on my recommendation to fix the app to be https from the
start. In that case the redirect will be unnecessary...
Peter
