6824 2009-04-16 13:31:29 +0000 Redirections: parsing of the Location HTTP header may raise HTTP_RESPONSE-5 incorrectly 2009-04-30 11:56:38 +0000 1 1 1 Unclassified mobileOK Basic checker Java Library unspecified Other All RESOLVED FIXED P2 minor --- 1 fd abel.rionda oldest_to_newest 24768 0 fd 2009-04-16 13:31:29 +0000 HTTP_RESPONSE-5 is a warning that should be raised whenever the Location HTTP header received in a redirect response contains a relative URI. The check performed in HttpRetrievalElement is a bit too restrictive. Not starting with "http" does not necessarily mean the URI is relative (it could be "ftp://foo"). Besides the scheme part of a URI is case-insensitive, and so HTTP://example.com should be considered as a valid absolute URI that should not trigger the warning! 24841 1 abel.rionda 2009-04-20 08:41:03 +0000 Used isAbsolute method from Java.net.URI class. 24971 2 fd 2009-04-30 11:56:38 +0000 While having a look, I realized that we were not entirely consistent throughout the code on the way URIs were resolved. Resource.parseUri implements some exception-to-the-rules to handle unsafe characters that are generally accepted by browsers. Since it was being used in a few places, I thought it would be better to be consistent and use it everywhere. DefaultInputModeTest.validInputMode still uses a call to "new URI". It doesn't seem such a good idea to parse the URI with relaxed rules in that case. Also replaced HTTP_RESPONSE-4 by HTTP_RESPONSE-6 in the case when the URI of the Location HTTP header cannot be parsed. In the absence of a more precise error code, that just sounded less confusing to say: "the URI does not have the http/https scheme" than "there is no Location header" (since there is one).