[vlc-devel] Re: vlc: svn commit r19511 (pdherbemont)

Damien Fouilleul damien.fouilleul at laposte.net
Wed Mar 28 14:41:41 CEST 2007


Remi Denis-Courmont wrote:
>
> On Wed, 28 Mar 2007 12:26:05 +0200 (CEST), Subversion daemon <svn at videolan.org> wrote:
>   
>> r19511 | pdherbemont | 2007-03-28 12:26:05 +0200 (Wed, 28 Mar 2007) | 2
>> lines
>> Changed paths:
>>    M /trunk/modules/access/http.c
>>
>> http Access: Make sure we handle redirection that don't include the server
>> name.
>>     
>
> This is incorrect.
>
> "The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource. (...) The field value consists of a single absolute URI."
>
> If it starts with a /, you are being redirected to a local file, and we purposedly forbade that because of security concerns.
>
> --
> Rémi Denis-Courmont
> http://www.remlab.net/
>
>   
As far as i know an absolute URL starting with / is invalid, and even 
assuming that it corresponds to a UNIX path is also against the purpose 
of URL which strives to be system agnostic. I would agree with pierre's 
implementation in that case, which assumes that an Location URL starting 
with / must be relative, and therefore replaces the current absolute URL 
path with that one (even though it can contradict the specification). 
This approach is better than just ignoring the URL, one must be 
pragamatic and not dogmatic when dealing with network protocols.

Damien

-- 
This is the vlc-devel mailing-list, see http://www.videolan.org/vlc/
To unsubscribe, please read http://developers.videolan.org/lists.html



More information about the vlc-devel mailing list