Peter:
To answer your questions
1. The response header when using 8080 to post, I got:

    Status Code: 405 Method Not Allowed
    Allow: POST
    Cache-Control: private
    Content-Language: en
    Content-Length: 1045
    Content-Type: text/html;charset=utf-8
    Date: Mon, 23 Jan 2017 18:48:07 GMT
    Expires: Wed, 31 Dec 1969 16:00:00 PST
    Server: Apache-Coyote/1.1

This agrees to the access log record

When using 8443 for the same POST operation, I got:

    Status Code: 201 Created
    Content-Length: 277
    Content-Type: application/xml
    Date: Mon, 23 Jan 2017 18:51:25 GMT
    Server: Apache-Coyote/1.1

Which also agrees to the access log record.

For your second question:
I understand the risk and consequence of using redirect for POST, this is just 
an alternative for us for a short period of time, we will force all our users 
to move the https before we can shut down the 8080 for POST. We are working on 
that in the meantime.

Thank you very much,

Bin 


-----Original Message-----



The redirect takes place in the client. What kind of client do you use? Could 
you send us the response headers from the two setups?



You did not answer on my recommendation to fix the app to be https from the 
start. In that case the redirect will be unnecessary...



Peter





Reply via email to