You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Andriy Redko (Jira)" <ji...@apache.org> on 2022/08/30 01:15:00 UTC

[jira] [Resolved] (CXF-8752) Configurable list of redirectable verbs

     [ https://issues.apache.org/jira/browse/CXF-8752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andriy Redko resolved CXF-8752.
-------------------------------
    Resolution: Fixed

> Configurable list of redirectable verbs
> ---------------------------------------
>
>                 Key: CXF-8752
>                 URL: https://issues.apache.org/jira/browse/CXF-8752
>             Project: CXF
>          Issue Type: New Feature
>    Affects Versions: 3.5.3, 3.4.8
>            Reporter: Yves Piel
>            Priority: Major
>             Fix For: 4.0.0, 3.6.0, 3.5.4, 3.4.9
>
>         Attachments: image-2022-08-18-10-57-00-592.png, image-2022-08-18-10-57-24-093.png
>
>
> Currently, redirections are limited to 'verbs with no content':
>  * [List of verbs with no content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202]
>  * [Limitation for redirections|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L1432]
> In [HTTP/1.1 specification|https://www.rfc-editor.org/rfc/rfc7231.html] it is written that automatic redirection need to be done with care for methods not known to be safe:
> !image-2022-08-18-10-57-24-093.png|width=477,height=122!
> The safe methods are GET, HEAD, OPTIONS, and TRACE, those listed in [list of verbs with no content|https://github.com/apache/cxf/blob/4e110842a36ac1923870df2c4b9f1a3266dfbc80/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L202] .
> !image-2022-08-18-10-57-00-592.png|width=394,height=302!
> Although the specification tells to do redirection of not safe method with care, it doesn't forbid it. Currently, it is not possible to do redirection of a POST method with CXF.
>  
> Maybe it could be acceptable to configure the list of redirected verbs ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)