The bug https://bz.apache.org/bugzilla/show_bug.cgi?id=62471 has been reintroduced in Tomcat 8.5.39. After setting a response status to >= 400 it's impossible to set status code again. It appears that the fix for 9.x from commit 2b239e1ea0f3f8b5cdf01062a106ade9465756ec was not applied to 8.5.x and the regression was released in 8.5.39.
I assume I am hitting the same problem with Tomcat 8.5.39. This doesn't happen in 8.5.38 or 9.0.16/17. But happens in 8.5.39

8.5.38/9.0.16/17 - Working:
Host: ms.senia.org:8080
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Origin: http://ms.senia.org:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Referer: http://ms.senia.org:8080/login
Content-Length: 35
Cookie: _ga=GA1.2.1325695642.1548688812; __cfduid=da3e73689d4a06bf901836c2dadce38751531340071

username=gsadmin&password=sdfsdfsdfHTTP/1.1 302
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: SAMEORIGIN
Location: /login?error=true
Content-Length: 0
Date: Wed, 03 Apr 2019 18:17:12 GMT

GET /login?error=true HTTP/1.1
Host: ms.senia.org:8080
Origin: http://ms.senia.org:8080
Cookie: _ga=GA1.2.1325695642.1548688812; __cfduid=da3e73689d4a06bf901836c2dadce38751531340071
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
Referer: http://ms.senia.org:8080/login
Accept-Encoding: gzip, deflate
Accept-Language: en-us

8.5.39 - Failed on Redirect just a 401 or on safari a login.dms download..

POST /login HTTP/1.1
Host: ms.senia.org:8080
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Origin: http://ms.senia.org:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Referer: http://ms.senia.org:8080/login
Content-Length: 35
Cookie: _ga=GA1.2.1325695642.1548688812; __cfduid=da3e73689d4a06bf901836c2dadce38751531340071

username=gsadamin&password=sdfsdfsfHTTP/1.1 401
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: SAMEORIGIN
Location: /login?error=true
Content-Length: 0
Date: Wed, 03 Apr 2019 18:13:25 GMT
(In reply to Greg Senia from comment #1)

Hey Greg,

As 8.5.39 is the only 8.5.x version that was released with the regression I'd say the probability that you're affected is very high.

Cheers,
Patryk

> I assume I am hitting the same problem with Tomcat 8.5.39. This doesn't
> happen in 8.5.38 or 9.0.16/17. But happens in 8.5.39
>
> 8.5.38/9.0.16/17 - Working:
> Host: ms.senia.org:8080
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Encoding: gzip, deflate
> Accept-Language: en-us
> Content-Type: application/x-www-form-urlencoded
> Origin: http://ms.senia.org:8080
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4)
> AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
> Connection: keep-alive
> Upgrade-Insecure-Requests: 1
> Referer: http://ms.senia.org:8080/login
> Content-Length: 35
> Cookie: _ga=GA1.2.1325695642.1548688812;
> __cfduid=da3e73689d4a06bf901836c2dadce38751531340071
>
> username=gsadmin&password=sdfsdfsdfHTTP/1.1 302
> X-Content-Type-Options: nosniff
> X-XSS-Protection: 1; mode=block
> Cache-Control: no-cache, no-store, max-age=0, must-revalidate
> Pragma: no-cache
> Expires: 0
> X-Frame-Options: SAMEORIGIN
> Location: /login?error=true
> Content-Length: 0
> Date: Wed, 03 Apr 2019 18:17:12 GMT
>
> GET /login?error=true HTTP/1.1
> Host: ms.senia.org:8080
> Origin: http://ms.senia.org:8080
> Cookie: _ga=GA1.2.1325695642.1548688812;
> __cfduid=da3e73689d4a06bf901836c2dadce38751531340071
> Connection: keep-alive
> Upgrade-Insecure-Requests: 1
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4)
> AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
> Referer: http://ms.senia.org:8080/login
> Accept-Encoding: gzip, deflate
> Accept-Language: en-us
>
> 8.5.39 - Failed on Redirect just a 401 or on safari a login.dms download..
>
> POST /login HTTP/1.1
> Host: ms.senia.org:8080
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Encoding: gzip, deflate
> Accept-Language: en-us
> Content-Type: application/x-www-form-urlencoded
> Origin: http://ms.senia.org:8080
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4)
> AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
> Connection: keep-alive
> Upgrade-Insecure-Requests: 1
> Referer: http://ms.senia.org:8080/login
> Content-Length: 35
> Cookie: _ga=GA1.2.1325695642.1548688812;
> __cfduid=da3e73689d4a06bf901836c2dadce38751531340071
>
> username=gsadamin&password=sdfsdfsfHTTP/1.1 401
> X-Content-Type-Options: nosniff
> X-XSS-Protection: 1; mode=block
> Cache-Control: no-cache, no-store, max-age=0, must-revalidate
> Pragma: no-cache
> Expires: 0
> X-Frame-Options: SAMEORIGIN
> Location: /login?error=true
> Content-Length: 0
> Date: Wed, 03 Apr 2019 18:13:25 GMT
Fixed in:
- 8.5.x for 8.5.40 onwards

Thanks for the report and for tracking down the missing back-port.
Thanks for fixing! I probably spent half a day figuring out that this was why error redirects didn't work. Other than upgrading, is there any known work-around for this problem?
Sorry, upgrading is the only way to fix this.
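
The symptom visible in the traces in this thread is an error status (401) that still carries the redirect's Location header. The following is an added example, not part of the bug report or of Tomcat: a heuristic check over captured response heads that flags that combination. The function names and the sample responses are constructed for illustration.

```python
# Added example: flag responses showing the symptom from this report,
# i.e. a status >= 400 that still carries a redirect Location header.
# Heuristic only: it inspects captured responses, not the Tomcat version.
from typing import Dict, List, Tuple


def parse_response_head(raw: str) -> Tuple[int, Dict[str, str]]:
    """Parse the status line and headers of one raw HTTP/1.x response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    if not lines or not lines[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response: %r" % raw[:40])
    parts = lines[0].split()
    # The reason phrase is optional (the traces show "HTTP/1.1 302").
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers: Dict[str, str] = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def stuck_error_status(raw: str) -> bool:
    """True when an error status is paired with a Location header."""
    status, headers = parse_response_head(raw)
    return status >= 400 and "location" in headers


def flag_responses(responses: List[str]) -> List[int]:
    """Return the indexes of the responses that show the symptom."""
    return [i for i, r in enumerate(responses) if stuck_error_status(r)]


# Constructed samples, reduced to the headers that matter here.
SAMPLES = [
    "HTTP/1.1 302\r\nLocation: /login?error=true\r\nContent-Length: 0\r\n\r\n",
    "HTTP/1.1 401\r\nLocation: /login?error=true\r\nContent-Length: 0\r\n\r\n",
    "HTTP/1.1 401\r\nWWW-Authenticate: Basic realm=\"demo\"\r\n\r\n",
]

if __name__ == "__main__":
    for idx in flag_responses(SAMPLES):
        print("response %d: error status with Location header" % idx)
```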