[jboss-jira] [JBoss JIRA] (WFCORE-3416) User redirected with HTTP 301 instead of 302 in admin-only mode

Darran Lofthouse (JIRA) issues at jboss.org
Tue Nov 28 16:11:00 EST 2017


    [ https://issues.jboss.org/browse/WFCORE-3416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13494937#comment-13494937 ] 

Darran Lofthouse commented on WFCORE-3416:
------------------------------------------

I am currently experiencing a different issue that may also be improved by incorporating these changes.

If I connect my web browser over port 9990 and then subsequently enable SSL, because the previous connection used a moved permanently redirect, the web browser remembers this: the admin console previously loaded from port 9990 is used and the management request to port 9990 is redirected to port 9993, but now it is a cross-origin request, so it is rejected.

> User redirected with HTTP 301 instead of 302 in admin-only mode
> ---------------------------------------------------------------
>
>                 Key: WFCORE-3416
>                 URL: https://issues.jboss.org/browse/WFCORE-3416
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 4.0.0.Alpha2
>         Environment: JBoss EAP 7.1.0.Alpha and 7.0.5
> OS : RHEL 7
>            Reporter: Tomas Hofman
>            Assignee: Tomas Hofman
>
> The issue isn't that the console isn't working in admin-only mode. It's that a permanent redirect is issued for a temporary condition. The redirect from the console root URL should use a 302, not a 301, since the appropriate target depends on whether the server was started in admin-only mode.
> The root URL of the admin console ( / ) does a permanent redirect (301) to the final target. Normally it's a redirect to /console/index.html. But if the server is started in admin-only mode then /console/index.html doesn't return a sensible error (Chrome reports that the connection to the server was lost). If a browser has cached the permanent redirect, it won't be clear why the console isn't working.
> On the other hand if the server is started in domain-only mode and the browser caches the permanent redirect to /consoleerror/noConsoleForAdminModeError.html, then the browser will continue to load /consoleerror/noConsoleForAdminModeError.html even after the server is started without --admin-only.
> A 301 redirect is inappropriate since "admin-only" isn't a permanent state.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
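
The caching behaviour described in the issue, as an added illustration that is not part of the original message and is not WildFly code: a toy browser redirect cache run against a stand-in handler for `/`. The class and function names are hypothetical; the two target paths are the ones quoted in the issue.

```python
# Constructed model: a cacheable 301 goes stale when the redirect
# target depends on whether the server runs in admin-only mode.

# Redirect statuses a client may cache without explicit freshness headers
# (301 per RFC 7231 section 6.1, 308 per RFC 7538). 302 is not in this set.
CACHEABLE_BY_DEFAULT = {301, 308}

CONSOLE = "/console/index.html"
ADMIN_ONLY_ERROR = "/consoleerror/noConsoleForAdminModeError.html"


class ManagementRoot:
    """Hypothetical stand-in for the management interface's handler for "/"."""

    def __init__(self, status, admin_only):
        self.status = status          # redirect status the handler emits
        self.admin_only = admin_only  # temporary server state
        self.hits = 0                 # requests that actually reached the server

    def get_root(self):
        self.hits += 1
        target = ADMIN_ONLY_ERROR if self.admin_only else CONSOLE
        return self.status, target


class Browser:
    """Minimal client that remembers redirects cacheable by default."""

    def __init__(self):
        self.redirect_cache = {}

    def navigate(self, server, path="/"):
        if path in self.redirect_cache:
            return self.redirect_cache[path]  # server is never consulted
        status, location = server.get_root()
        if status in CACHEABLE_BY_DEFAULT:
            self.redirect_cache[path] = location
        return location


def landing_after_restart(status):
    """Visit "/" in admin-only mode, restart in normal mode, visit again."""
    server = ManagementRoot(status, admin_only=True)
    browser = Browser()
    first = browser.navigate(server)
    server.admin_only = False  # server restarted without --admin-only
    second = browser.navigate(server)
    return first, second, server.hits
```

With 301 the second visit is answered from the cache and the server sees one request; with 302 the browser asks again and follows the current target.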

