infrequently paths showing as allowed destination hosts in menu #39
Labels
Comments
Fixed in r274. This turned out to be caused by not correctly handling redirect destination locations that were only paths, not valid URIs. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sometimes a path will show up as an allowed destination hostname in the menu. I finally found a repeatable (for the moment) example of this happening and it appears to be with a 303 Object Moved redirect to a location that is just a path (no protocol + host).
Example with some specifics removed (so you don't know what coupon my wife wanted me to print):
http://coupons2.smartsource.com/smartsource/index.jsp?Link=XXXXXXX
elicited the following Location header in the response:
Location: /YYYYYYY/dcs.gif?dcsredirect=126&dcstlh=0&...
which appears to match what I see in the !RequestPolicy menu.
However, it seems like there must be more to it as one would think this would be fairly common and so the bug would have been visible more frequently. I'll need to come up with a repeatable test case to be sure that this is the issue.
The text was updated successfully, but these errors were encountered: