Opened 13 years ago
Closed 10 years ago
#18685 closed defect (bug) (duplicate)
GET Requests with hostname in them causes wrong redirect
Reported by: | Ueland | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.2.1 |
Component: | Bootstrap/Load | Keywords: | has-patch |
Focuses: | Cc: |
Description
Hi!
I have noticed that my Android phone when using Cyanogenmod with default browser does some "special" things when on 3G. (It does not happend via WiFi)
It appears that the hostname is sent with every GET-request. Its common to only send the path in a GET-request but the HTTP secification also allows for the use of hostname within a GET-request.
My test page ( http://h3x.no/dump/test.php ) shows the hostname in the REQUEST_URI via 3G, and skips the hostname when on WiFi.
This causes Wordpress(i suspect) to redirect me to the wrong page.
Example:
I want the page:
http://h3x.no/2011/09/12/getting-windows-2008-server-uptime-via-the-command-line
My phone sends me to:
http://h3x.no/2011/09/12/getting-windows-2008-server-uptime-via-the-command-line/http/h3x.no/2011/09/12/getting-windows-2008-server-uptime-via-the-command-line
Attachments (1)
Change History (5)
#2
@
11 years ago
I have noticed that my Android phone when using Cyanogenmod with default browser does some "special" things when on 3G. (It does not happend via WiFi)
FWIW, this is probably due to a ISP-level proxy which passes the request on as a full url.
I tried to duplicate this, but it appears that Nginx sanitizes it to /request-uri/ before passing it to PHP, so wasn't easily able to test locally.
Confirmed that this happens when you use an absolute URI in the GET request. WordPress assumes (incorrectly it seems) that
REQUEST_URI
will never contain a hostname.POC patch attached - although this issue has never come up before (probably because most clients are HTTP/1.1 compliant in this regard and send proper requests - the requirement to accept a fully qualified address is only for backward compatibility with HTTP/1.0), so I'm not sure whether the real bug lies with the client.