Bug 38012

Summary: CGIServlet redirect
Product: Tomcat 5 Reporter: Bob Faist <bfaist>
Component: Servlets:CGIAssignee: Tomcat Developers Mailing List <dev>
Status: CLOSED FIXED    
Severity: normal    
Priority: P2    
Version: 5.5.14   
Target Milestone: ---   
Hardware: Other   
OS: Windows XP   
Attachments: CGIServlet.java file with patch appiled

Description Bob Faist 2005-12-22 20:04:10 UTC
The CGIServlet does not handle the scenario where the HTTP response is a
redirect status code (301, 302, 303).  I have a patch to handle the scenario.
Comment 1 Bob Faist 2005-12-22 20:05:49 UTC
diff of patch

$ diff CGIServlet.java.orig.java org/apache/catalina/servlets/CGIServlet.java
1763a1764
>           boolean isRedirectStatus = false;
1788a1790,1802
>                           // if we received a redirect status and also
received a new location, lets go to it.
>                           if(isRedirectStatus == true &&
header.toLowerCase().equals("location")) {
>                                
response.sendRedirect(response.encodeRedirectURL(value));
>                           }
>                           // if we receive a redirect status (301, 302, 303),
>                           // then set boolean flag so when we get the
location, we can redirect to it.
>                           if(header.toLowerCase().equals("status")) {
>                             
if(value.contains(Integer.toString(HttpServletResponse.SC_MOVED_PERMANENTLY)) ||
>                                
value.contains(Integer.toString(HttpServletResponse.SC_MOVED_TEMPORARILY)) ||
>                                
value.contains(Integer.toString(HttpServletResponse.SC_SEE_OTHER))) {
>                                      isRedirectStatus = true;
>                              }
>                           }
Comment 2 Bob Faist 2005-12-22 20:07:18 UTC
Created attachment 17261 [details]
CGIServlet.java file with patch appiled
Comment 3 Mark Thomas 2005-12-29 15:07:30 UTC
This has been fixed in SVN for TC4 and TC5. I used a more general fix that
allows any status code to be set.
Comment 4 Bob Faist 2005-12-29 16:09:21 UTC
My testing of this patch did not work.  

I think you have to use the "sendRedirect()" method in the response object.

The call that was added to "setStatus()" for this patch is not being used in my
scenario as this is not a NPH response.

Here is the response lines which are being read in my application:

Content-Type: text/html; charset=ISO-8859-1
Status: 302 Moved
Set-Cookie: emsng_ietm_session_key=b4849b471b8fab616355598d151a92b5; path=/
Date: Thu, 29 Dec 2005 15:02:48 GMT
Location: http://bfaist-ws:8080/emsng_ietm/cgi-bin/IETM_Menu.pl


Comment 5 Mark Thomas 2005-12-29 19:45:13 UTC
Thanks for testing so quickly.

I have added handling for the CGI specific status header. My testing shows that
send redirect is unecessary since the redirect status code and the location
headers are both present.

Again, TC4 and TC5 patched.
Comment 6 Bob Faist 2005-12-29 19:58:49 UTC
My testing of the latest patch was successful.  Thanks Mark.