Review whether to send request body in redirects #8770
Labels
Comments
sbordet
changed the title
|
Turns out that we are re-sending the request content even when the redirection changes the method to |
sbordet
added a commit
that referenced
this issue
Oct 27, 2022
Now the original request body is re-sent only if the redirect status code is 307 or 308. In the other cases, it is a redirect to a GET method, so the Location is followed without resending the body. Signed-off-by: Simone Bordet <[email protected]>
sbordet
added a commit
that referenced
this issue
Nov 8, 2022
Also removing the content headers in case of redirect using GET. Signed-off-by: Simone Bordet <[email protected]>
sbordet
added a commit
that referenced
this issue
Nov 8, 2022
* Fixes #8770 - Review whether to send request body in redirects. Now the original request body is re-sent only if the redirect status code is 307 or 308. In the other cases, it is a redirect to a GET method, so the Location is followed without resending the body, and the content headers are removed. Signed-off-by: Simone Bordet <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Jetty version(s)
10+
Enhancement Description
HttpRedirectorshould probe the request content to know whether it's reproducible like e.g.AuthenticationProtocolHandlerdoes.The text was updated successfully, but these errors were encountered: