Bug 40001 - HTML pages should not use GET to restart web-apps.
Summary: HTML pages should not use GET to restart web-apps.
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Webapps:Manager (show other bugs)
Version: 5.5.17
Hardware: Other other
: P2 enhancement with 2 votes (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
: 42795 50231 (view as bug list)
Depends on:
Reported: 2006-07-10 14:32 UTC by Michiel Meeuwissen
Modified: 2010-11-08 13:55 UTC (History)
3 users (show)

suggested fix (8.40 KB, patch)
2009-08-15 15:20 UTC, lucenebugs2006
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michiel Meeuwissen 2006-07-10 14:32:20 UTC
Comment 1 Michiel Meeuwissen 2006-07-10 14:34:44 UTC
If for example FF crashes, and you restart it, it could popup with the
manager-pages in it with reload?path=/, it will immediately, and unwantedly,
restart the web-app 
Comment 2 Yoav Shapira 2006-12-26 07:29:30 UTC
I like the easy functionality.  I'm guessing you want a POST to better comply
with some notion of HTTP semantics where GETs shouldn't do anything but read
data?  If so, please provide a patch accordingly.

Setting Severity to enhancement.
Comment 3 Mark Thomas 2007-07-02 17:17:50 UTC
*** Bug 42795 has been marked as a duplicate of this bug. ***
Comment 4 lucenebugs2006 2009-08-15 15:20:41 UTC
Created attachment 24139 [details]
suggested fix

This patch changes the reload/start/stop/undeploy links to buttons and makes sure the servlet only reacts to POST requests. It also improves the text of the Javascript confirmation dialog a bit.
Comment 5 lucenebugs2006 2009-08-15 15:21:53 UTC
Setting back to "NEW" as requested by the instructions.
Comment 6 Mark Thomas 2009-10-10 14:57:07 UTC
I've applied a patch for this (using some of the ideas in this patch) to Tomcat 7.

I'm not going to propose this for backport to 5.5.x/6.0.x since there may be some users that are using GET requests to integrate the manager with the own management tools and changing to POST would break these.
Comment 7 Ramon 2010-11-08 13:55:14 UTC
*** Bug 50231 has been marked as a duplicate of this bug. ***