Closed maestros closed 5 years ago
Indeed there is no reverse mapping for the Location header
Many thanks for your prompt reply @mkopylec I did a quick attempt to add a reverse mapping for the Location header but then I ended up having an infinite loop of redirections, which makes sense to me in retrospect. So, this problem seems to need a bit more careful consideration.
The cause of the was rewriting the 'Host' header to outgoing server during the request forwarding process. The outgoing server constructs the 'Location' response header using the 'Host' request header value. In 4.0.0 version 'Host' header rewriting is disabled by default.
I'm running a simple test case where Charon does not handle HTTP redirects as expected.
On localhost I run: 1) a Tomcat instance on 8888 running WebGoat 2) a Charon instance on 8880 that maps all requests to the Tomcat instance
There is a single mapping in the application.yml file:
3) Using the browser, I send a request to: http://localhost:8880/webgoat-7.0.1/ 4) The browser is redirected to: http://localhost:8888/webgoat-7.0.1/login.mvc
Here are the Charon logs:
The end result is that after that point the reverse proxy is completely bypassed as the browser uses the origin server directly.
It seems to me that a reverse mapping is missing for the Location header.
I would really appreciate your thoughts here.
Many thanks, Apostolos