Incorrect host in Location header when creating resources via ReST
Description
In the following request/response to the ReST API:
The host in the returned Location header is set to localhost:8980, which differs from the host in the request 127.0.0.1:8980.
As originally reported in NMS-7845 this can cause authentication errors, since existing session cookies attached to the 127.0.0.1:8980 host will no longer be used when following the redirect to localhost:8980.
CXF 3.1.5 was released, I'll work up updating it in foundation-2016.
Alejandro Galue January 29, 2016 at 12:56 PM
Edited
I think is right. On a CentOS VM, the Location header for the last foundation-2016 RPMs is correct (check the new screenshot).
Alejandro Galue January 29, 2016 at 12:14 PM
Edited
Clearly, you can see that a request against demo.opennms.org, returns localhost on the Location header of the 303 response, which is incorrect by definition.
Benjamin Reed January 29, 2016 at 12:14 PM
Demo is reverse-proxied with apache in front of it, so maybe something related to that is messing things up?
In the following request/response to the ReST API:
The host in the returned Location header is set to localhost:8980, which differs from the host in the request 127.0.0.1:8980.
As originally reported in NMS-7845 this can cause authentication errors, since existing session cookies attached to the 127.0.0.1:8980 host will no longer be used when following the redirect to localhost:8980.