You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by sasuke <uz...@gmail.com> on 2010/07/24 21:58:21 UTC

File download popup when accessing confidential resources

Hi all,

Just observed a strange behaviour when accessing secure resource using HTTP
instead of HTTPS. Instead of redirecting the client to the proper HTTPS
resource, a download file popup is shown. As an e.g.:
Client requests: http://localhost:8080/app/help.jsp [redirect to HTTPS as
per web.xml config]
Client requests: https://localhost:8443/app/help.jsp [serve confidential
resource]
Client requests: http://localhost:8443/app/help.jsp [popup asking for
download of help.jsp ?]

In the third scenario, the confidential resource help.jsp is requested with
"http" being the protocol and the port being "8443" (https port). The result
is a download dialog box for 'help.jsp' (which fortunately contains junk
data). Is this behaviour normal? Any means by which this can be suppressed?

TIA,
sasuke
-- 
View this message in context: http://old.nabble.com/File-download-popup-when-accessing-confidential-resources-tp29256695p29256695.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org