[ htmlunit-Bugs-1531821 ] 302 Redirection to the same url after a POST not followed

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[ htmlunit-Bugs-1531821 ] 302 Redirection to the same url after a POST not followed

SourceForge.net
Bugs item #1531821, was opened at 2006-07-31 17:42
Message generated for change (Comment added) made by mguillem
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=448266&aid=1531821&group_id=47038

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: 1.8
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: craig (craig_copeland)
>Assigned to: Marc Guillemot (mguillem)
>Summary: 302 Redirection to the same url after a POST not followed

Initial Comment:
HtmlUnit is not following the 302 response in
particular situations.  This seems to be exactly what
davidmhill was trying to describe in bug:
https://sourceforge.net/tracker/index.php?func=detail&aid=1359254&group_id=47038&atid=448267
1. Looking at the HTTP headers in AID 1359254, you see
a POST to URL x, and a 302 response with Location x.
2. There may also be a strict enforcement of RFC 2068
that is superceding a relevant Note in RFC 2616.
Please, see the email below for more info on this.

In the meantime I will attempt to find a simple
reproduction scenario if needed.  Please contact me if
this is needed.

-----------
Hi Craig,

perhaps could you open an issue / add this comment to
an existing one by htmlunit?

Marc Guillemot.

Craig Copeland wrote:

> Marc,
>
> I think this issue is likely two fold.
> 1. The Location returned in the 302 is identical to
> the original submitted. This could potentially cause
> an inifite loop. The user-agent could allow for a
> finite number of redirects to the same location.
> The software I'm testing uses other fields to know
> if a 302 should be issued after a POST, which would
> keep the infinite loop from occurring.
> 2.  It could also be that since HtmlUnit is a very
> strict user-agent implementation, that section
> 10.3.3 of RFC 2616 (concerning 302 responses) is
> being enforced in respect to how to treat a 302
> redirect if the inital method was POST instead of
> GET (or HEAD). However, looking at the full context
> of RFC 2616,
> www.w3.org/Protocols/rfc2616/rfc2616-sec10.html,
> it says:
>  If the 302 status code is received in response to
> a request other than GET or HEAD, the user agent
> MUST NOT automatically redirect the request unless
> it can be confirmed by the user, since this might
> change the conditions under which the request was
> issued.
>       Note: RFC 1945 and RFC 2068 specify that the
>       client is not allowed to change the method on
>       the redirected request.  However, most
>       existing user agent implementations treat 302
>       as if it were a 303 response, performing a
>       GET on the Location field-value regardless
>       of the original request method. The status
>       codes 303 and 307 have been added for servers
>       that wish to make unambiguously clear which
>       kind of reaction is expected of the client.
>
> HtmlUnit may be strictly enforcing 1945 & 2068, and
> disregarding the Note above.
>
> Again, thanks!
> Craig

----------------------------------------------------------------------

>Comment By: Marc Guillemot (mguillem)
Date: 2006-09-20 21:33

Message:
Logged In: YES
user_id=402164

Now fixed in SVN: htmlunit tries to react like browsers
rather than like the RFC.
Thanks for writing this test... even if I couldn't use it.
You may want to have a look at
com.gargoylesoftware.htmlunit.WebClientTest#doTestRedirectionSameUrlAfterPost
to see how the unit test looks like.

----------------------------------------------------------------------

Comment By: craig (craig_copeland)
Date: 2006-08-22 23:38

Message:
Logged In: YES
user_id=1561211

Here's a reproduction scenario:
1. Download and install Perl
http://www.activestate.com/Products/Download/Download.plex?id=ActivePerl
(I'm using version 5.8.8)

2. Run the perl httpdebug script to mimic a web server. Use
attached perl script and name file httpdebug.pl.
Suggested runtime call:
> perl httpdebug.pl -p 8888
This will start a webserver listening on port 8888.
(Code taken mostly from:
http://www.cpan.org/authors/id/J/JN/JNOLAN/httpdebug-2.0)

3. To see a redirect work correctly open IE and:
  a. enter this URL address
http://<your_host_name_for_your_box>:8888/redirectThisPage&page=post
  b. Click the Submit button
===> The command shell where you started the perl script
should print out a line each time the redirect (302) and the
normal (200) pages are returned to your browser.

4. After tweaking the script appropriately, run the attached
Canoo WebTest script:
>webtest -buildfile test.xml
===>
BUILD FAILED
C:\Documents and
Settings\ccopeland\Desktop\canoo-webtest\tests\test.xml:11: Ca
oo Webtest: R_1375.
Test failed.
Test step clickButton (C:\Documents and
Settings\ccopeland\Desktop\canoo-webtes
\tests\test.xml:24: )  failed with message "Step[clickButton
(3/4)]: HTTP error
302, at: clickButton"
        at
com.canoo.webtest.ant.WebtestTask.stopBuildIfNeeded(WebtestTask.java
186)
        at
com.canoo.webtest.ant.WebtestTask.execute(WebtestTask.java:155)
        at
org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
        at org.apache.tools.ant.Task.perform(Task.java:364)
        at org.apache.tools.ant.Target.execute(Target.java:341)
        at
org.apache.tools.ant.Target.performTasks(Target.java:369)
        at
org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
        at
org.apache.tools.ant.Project.executeTarget(Project.java:1185)
        at
org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultEx
cutor.java:40)
        at
org.apache.tools.ant.Project.executeTargets(Project.java:1068)
        at org.apache.tools.ant.Main.runBuild(Main.java:668)
        at org.apache.tools.ant.Main.startAnt(Main.java:187)
        at
org.apache.tools.ant.launch.Launcher.run(Launcher.java:246)
        at
org.apache.tools.ant.launch.Launcher.main(Launcher.java:67)

Total time: 2 seconds

----------------------------------------------------------------------

Comment By: veit (vguna)
Date: 2006-08-05 12:22

Message:
Logged In: YES
user_id=1512737

I've got the same problem. I'm using JSF for my webapp and
redirects to the same page aren't unusual.


----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=448266&aid=1531821&group_id=47038

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
HtmlUnit-develop mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/htmlunit-develop