RE: SSL, MirrorFrames and Redirects... from Yves Lafon on 2003-04-03 (www-jigsaw@w3.org from March to April 2003)

From: Yves Lafon <ylafon@w3.org>
Date: Thu, 3 Apr 2003 15:38:34 +0200 (MEST)
To: "Laird, Brian" <BLaird@perseco.com>
cc: www-jigsaw@w3.org, "Hady, Jeff" <JHady@perseco.com>, "Michalak, Michael" <MMichalak@perseco.com>
Message-ID: <Pine.GSO.4.53.0304031525420.18539@tarantula.inria.fr>
On Fri, 28 Mar 2003, Laird, Brian wrote:

>
> After doing some research I have come up with a proposed bug fix to the
> dupReply method in MirrorFrame.  Sorry for the poor formatting (outlook
> sucks for this kind of stuff)
>
> Description of changes:
> - When making a fake URL the new code honors the original incoming
> protocol (i.e. http or https)
> - The uloc variable is now created using the original request URL.
> This is to handle relative redirects more appropriately.  (I would be
> happy to provide our examples to explain what I mean in better detail)
> - Only change the location if the backend server (server being mirrored)
> returns a fully qualified path back to it's self.
> - If the location doesn't start with what we are mirroring then leave it
> alone and the let the browser deal with it.  We found this solves most
> our problems with redirects.

MirrorFrame was mainly designed with only http in mind, and the case of
https has been to ften forgotten in some extensions and clearly.
I'll do some more tests, and pur your page in the cvs tree.
Thanks!

>
> Notes / Comments:
> - I have not tested this with partial mirroring, but I think they will work just fine
> - I realize that these changes may not follow the HTTP spec, but they do reflect what I think most back end servers may do.  I read the spec, and wasn't really sure that there is a right or wrong way to do it.
> - Sorry, I changed some of the braces and comments to make it easier to read
> - this has only been tested with jdk 1.4 but most if not all of our "redirect" issues have been resolved
> - my grammer may be bad, but what do you expect from a developer :-)
>
> Old Code:
>     	switch(reply.getStatus())
>         {
>     	  case HTTP.MOVED_PERMANENTLY:
>     	  case HTTP.TEMPORARY_REDIRECT:
>     	  case HTTP.FOUND:
>     	  case HTTP.SEE_OTHER:
>     	      // Have fun !
>     	      String location = rep.getLocation();
>     	      if ((mirrors != null) && (location != null))
>               {
>         		  try
>                   {
>         		      URL uloc = new URL(mirrors, location);
>         		      URL loc  = getURL(request);
>         		      URL fake;
>         		      if (isPartialMirroring()) {
>         			  fake = new URL("http"
>         					 , loc.getHost()
>         					 , loc.getPort()
>         					 , getURLPath()+uloc.getFile());
>         		      } else {
>         			  fake = new URL("http"
>         					 , loc.getHost()
>         					 , loc.getPort()
>         					 , uloc.getFile());
>         		      }
>         		      reply.setLocation(fake);
>         		  }
>                   catch (Exception ex)
>                   {}
>     		  return reply;
>     	      } // end of if
>     	} //end of switch
>
> New Code:
>  	switch(reply.getStatus())
>         {
>     	  case HTTP.MOVED_PERMANENTLY:
>     	  case HTTP.TEMPORARY_REDIRECT:
>     	  case HTTP.FOUND:
>     	  case HTTP.SEE_OTHER:
>     	      // Have fun !
>             String location = rep.getLocation();
>             if ((mirrors != null) && (location != null))
>             {
>                 try
>                 {
>                     URL uloc = new URL(request.getURL(), location);
>                     //URL test = new URL(request.getURL(), location);
>                     URL loc  = getURL(request);
>                     URL fake = null;
>                     if (isPartialMirroring())
>                     {
>                         fake = new URL(request.getURL().getProtocol()
>                                  , loc.getHost()
>                                  , loc.getPort()
>                                  , getURLPath()+uloc.getFile());
>                     }
>                     else if (location.startsWith(mirrors.toString()))
>                     {
>                         fake = new URL(request.getURL().getProtocol()
>                              , loc.getHost()
>                              , loc.getPort()
>                              , uloc.getFile());
>                     }
>                     if (fake != null)
>                         reply.setLocation(fake);
>                 }
>                 catch (Exception e)
>                 {}
>             }
>     	} //end of switch
>     	return reply;
>     }
>
>
>
> >  -----Original Message-----
> > From: 	Laird, Brian
> > Sent:	Thursday, March 27, 2003 4:49 PM
> > To:	www-jigsaw@w3.org
> > Subject:	SSL, MirrorFrames and Redirects...
> >
> > This is meant to be a question / clarification of what I thought a MirrorFrame would do.  I have a server setup using SSL, and when I connect to it (ex: https:\\testserver) is actually "mirroring" another server (ex: http:\\backendserver).  When the backend server issues either a 301 or 302 with a full URL specified in the location header field from the backend server (ex: http:\\testserver\somedir\somefile.html), the MirrorFrame doesn't convert it to SSL as I would expect (i.e. I am expecting the MirrorFrame to make the location field look like https:\\testserver\somedir\somefile.html).  Should the MirrorFrame handle this conversion back to SSL or is meant to be done by a custom filter?
> >
> > Thanks for the continued help,
> > Brian
>

-- 
Yves Lafon - W3C
"Baroula que barouleras, au tiéu toujou t'entourneras."
Received on Thursday, 3 April 2003 08:38:39 UTC