[jboss-jira] [JBoss JIRA] (WFCORE-3416) User redirected with HTTP 301 instead of 302 in admin-only mode

Tomas Hofman (JIRA) issues at jboss.org
Mon Nov 13 08:39:00 EST 2017 

     [ https://issues.jboss.org/browse/WFCORE-3416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tomas Hofman moved JBEAP-13771 to WFCORE-3416:
----------------------------------------------

              Project: WildFly Core  (was: JBoss Enterprise Application Platform)
                  Key: WFCORE-3416  (was: JBEAP-13771)
             Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
          Component/s: Server
                           (was: Web Console)
    Affects Version/s: 4.0.0.Alpha2
                           (was: 7.0.5.GA)


> User redirected with HTTP 301 instead of 302 in admin-only mode
> ---------------------------------------------------------------
>
>                 Key: WFCORE-3416
>                 URL: https://issues.jboss.org/browse/WFCORE-3416
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 4.0.0.Alpha2
>         Environment: JBoss EAP 7.1.0.Alpha and 7.0.5
> OS : RHEL 7
>            Reporter: Tomas Hofman
>            Assignee: Tomas Hofman
>
> The issue isn't that the console isn't working in admin-only mode. It's that a permanent redirect is issued for a temporary condition. The redirect from the console root URL should use a 302, not a 301, since the appropriate target depends on whether the server was started in admin-only mode.
> The root URL of the admin console ( / ) does a permanent redirect (301) to the final target. Normally it's a redirect to /console/index.html. But if the server is started in admin-only mode then /console/index.html doesn't return a sensible error (Chrome reports that the connection to the server was lost). If a browser has cached the permanent redirect, it won't be clear why the console isn't working.
> On the other hand if the server is started in domain-only mode and the browser caches the permanent redirect to /consoleerror/noConsoleForAdminModeError.html, then the browser will continue to load /consoleerror/noConsoleForAdminModeError.html even after the server is started without --admin-only.
> A 301 redirect is inappropriate since "admin-only" isn't a permanent state.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list