[vlc-devel] Re: vlc: svn commit r19511 (pdherbemont)
damien.fouilleul at laposte.net
Wed Mar 28 14:41:41 CEST 2007
Remi Denis-Courmont wrote:
> On Wed, 28 Mar 2007 12:26:05 +0200 (CEST), Subversion daemon <svn at videolan.org> wrote:
>> r19511 | pdherbemont | 2007-03-28 12:26:05 +0200 (Wed, 28 Mar 2007) | 2
>> Changed paths:
>> M /trunk/modules/access/http.c
>> http Access: Make sure we handle redirection that don't include the server
> This is incorrect.
> "The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource. (...) The field value consists of a single absolute URI."
> If it starts with a /, you are being redirected to a local file, and we purposedly forbade that because of security concerns.
> Rémi Denis-Courmont
As far as i know an absolute URL starting with / is invalid, and even
assuming that it corresponds to a UNIX path is also against the purpose
of URL which strives to be system agnostic. I would agree with pierre's
implementation in that case, which assumes that an Location URL starting
with / must be relative, and therefore replaces the current absolute URL
path with that one (even though it can contradict the specification).
This approach is better than just ignoring the URL, one must be
pragamatic and not dogmatic when dealing with network protocols.
This is the vlc-devel mailing-list, see http://www.videolan.org/vlc/
To unsubscribe, please read http://developers.videolan.org/lists.html
More information about the vlc-devel