10509 – Relative redirection makes internal addresses appear to the external world

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 10509 - Relative redirection makes internal addresses appear to the external world

Summary: Relative redirection makes internal addresses appear to the external world

Status:	RESOLVED FIXED

Alias:	None

Product:	mobileOK Basic checker
Classification:	Unclassified
Component:	Web interface (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	---
Assignee:	fd
QA Contact:	fd

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-08-30 14:45 UTC by fd
Modified:	2010-08-30 14:47 UTC (History)
CC List:	0 users

See Also:

Attachments

Description fd 2010-08-30 14:45:30 UTC

The mobileOK Checker servlet redirects users to the home page when users try to check an empty URI or an empty extract. That's fine except the code uses response.sendRedirect with a relative path.

This path gets completed internally with the server host name to create an absolute redirect URI of the form:
 http://waxler.w3.org/mobileok/
 http://tahiti.w3.org/mobileok/

These addresses should never appear in users address bars. What should rather appear is:
 http://validator.w3.org/mobile/

Comment 1 fd 2010-08-30 14:47:53 UTC

Redirection now uses the requested URI, trimmed down to the last "/" to redirect the user. This URI should always be something like http://validator.w3.org/mobile/