Tapestry 5
  1. Tapestry 5
  2. TAP5-613

Returning a Link to a secure page from an ajax event handler method causes the redirect to be invalid if the event is sent from an insecure page

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.18
    • Fix Version/s: 5.1.0.4
    • Component/s: tapestry-core
    • Labels:
      None

      Description

      I think there's something wrong with the way tapestry handles redirects from Ajax requests. I'm having the following problem: I have a page, say:

      http://localhost/mytapestryapp/resetpassword

      with a form that sends an ajax submit request and the request handler returns a Link which leads to my login page annotated with @Secure. The link factory therefore creates an absolute link like this:

      https://localhost/mytapestryapp/login/confirmpasswordreset

      Unfortunately javascript code in tapestry.js uses location.pathname (which afaik changes only the context path of the location) to set the redirect address. The result is that I'm being redirected to the following page:

      http://localhost/https://localhost/mytapestryapp/login/confirmpasswordreset

      It works this way on IE and mozilla-based browsers - checked it on Firefox 3.0.7, Epiphany 2.24.3, IE 6.0. It does however work correctly on Opera 9.6 probably because of the differences in how location.pathname is handled.

        Activity

        Olaf Tomczak created issue -
        Howard M. Lewis Ship made changes -
        Field Original Value New Value
        Assignee Howard M. Lewis Ship [ hlship ]
        Howard M. Lewis Ship made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Fix Version/s 5.1.0.4 [ 12313854 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Howard M. Lewis Ship
            Reporter:
            Olaf Tomczak
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development