You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Ian Boston (JIRA)" <ji...@apache.org> on 2018/02/14 08:27:03 UTC
[jira] [Commented] (SLING-7350) StreamRendererServlet redirects
HEAD requests to external uri if available
[ https://issues.apache.org/jira/browse/SLING-7350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16363637#comment-16363637 ]
Ian Boston commented on SLING-7350:
-----------------------------------
I have looked at this again and although the patch fixes the problem I am now not so certain.
The http spec says GET and HEAD should be treated the same when deciding to perform a 302 redirect or not. see section 10.3.3 of page 62 of rfc2616.
The reason for a HEAD is often for a browser to determine if something has changed. Changed from what ? Changed from the GET which was a redirect. So the GET after redirect had headers that defined the state of the final resource (etag, length, last modified). Those will have been provided by the service that served the content. Lets say that is AWS CloudFront. Only AWS CloudFront knows the headers it sent out. Sling has no knowledge of those headers so it cannot emit a valid HEAD response other than to redirect to CloudFront to provide that response.
If Sling emits a HEAD response for HEAD and a redirect for GET, then the client will always interpret that as the GET is required and always perform the GET, defeating the purpose of the HEAD.
If you have a different interpretation of more information please share it. If neither of us are certain about this, then we might need to ask a higher authority, perhaps even Roy Fielding or someone who really knows.
---------------------
I appreciate this might break the client, but if it does, the client is probably already broken and has not implemented HEAD properly. I know some clients can't even follow redirects correctly, not modern browsers fortunately.
Which client is having a problem with the HEAD redirect ?
> StreamRendererServlet redirects HEAD requests to external uri if available
> --------------------------------------------------------------------------
>
> Key: SLING-7350
> URL: https://issues.apache.org/jira/browse/SLING-7350
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Affects Versions: Servlets Get 2.1.30
> Reporter: Satya Deep Maheshwari
> Priority: Major
> Attachments: SLING-7350.diff
>
>
> SLING-7140 added a feature to support redirects to external uri of a resource if available. This handled by StreamRendererServlet. See [1]. As per the current implementation, if there's a uri available, a redirect is done for a http HEAD request as well. This can be problematic for clients which expect the response as sent by the servlet as of now if the response is different from the redirected HEAD request.
> Would it be correct to handle the HEAD request *before* the redirect so that its current behavior is retained?
> [1] - https://github.com/apache/sling-org-apache-sling-servlets-get/blob/8ba11a174996ca4b7237c54879d1db8f14796f4d/src/main/java/org/apache/sling/servlets/get/impl/helpers/StreamRendererServlet.java#L171-L173
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)