
HTTP 302 Redirect from HTTP to HTTPS is possible invalid

    • Bug
    • Resolution: Resolved Locally
    • Low

      $ wget -O - 'http://stash.acme.com/'
      --2013-02-14 15:27:32--  http://stash.acme.com/
      Resolving stash.acme.com... [skipped]
      Connecting to stash.acme.com|xx.xx.xx.xx|:80... connected.
      HTTP request sent, awaiting response... 302 Found
      Location: https://stash.acme.com/login [following]
      --2013-02-14 15:27:32--  https://stash.acme.com/login
      Connecting to stash.acme.com|xx.xx.xx.xx|:443... connected.
      HTTP request sent, awaiting response... 200 OK
      Length: 6056 (5.9K) [text/html]
      Saving to: ‘STDOUT’
      

      See what happened:
      1. The browser sends a GET over HTTP (port 80); cookies are not sent, because the cookies are set up for the HTTPS domain.
      2. Stash does not find the remember_me and session cookies and sends a redirect to /login.
      3. Tomcat forwards HTTP to HTTPS.

      As a result, the user has a page on the HTTPS domain, with valid session cookies, but Stash shows him the 'Login' page as if he were not logged in.

      Also see STASH-3118 — it is for the same error but from the other side.

            [BSERV-3120] HTTP 302 Redirect from HTTP to HTTPS is possible invalid

              Unassigned
              Alexey Efimov
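The redirect sequence from the issue description above, as an added Python model (not part of the original report, and not Stash or Tomcat code). The host, path, cookie name and the `upgrade_first` ordering are assumptions for illustration; `upgrade_first` is one possible ordering for comparison, not the fix recorded in this issue.

```python
from urllib.parse import urlsplit

HOST = "stash.example.test"   # constructed host standing in for the report's server
# Constructed browser state: a valid session cookie that carries the Secure attribute.
# The cookie name is an assumption; the report only says "session cookie".
JAR = [{"name": "JSESSIONID", "value": "valid-session", "secure": True}]

def cookies_for(url):
    """Browser rule: a Secure cookie is attached to https requests only."""
    https = urlsplit(url).scheme == "https"
    return {c["name"]: c["value"] for c in JAR if https or not c["secure"]}

def app(path, cookies):
    """Modelled application: returns the path to redirect to, or None to render."""
    if path != "/login" and cookies.get("JSESSIONID") != "valid-session":
        return "/login"          # step 2: no session cookie seen
    return None                  # the page (or the login form) is rendered

def respond(url, upgrade_first):
    """One request/response. Returns a Location URL, or None for a 200."""
    u = urlsplit(url)
    if u.scheme == "https":
        target = app(u.path, cookies_for(url))
        return f"https://{u.netloc}{target}" if target else None
    if upgrade_first:
        # Assumed alternative: upgrade the scheme before the auth check, same path.
        return f"https://{u.netloc}{u.path}"
    # Reported order: auth check on the cookie-less http request (steps 1-2),
    # then the redirect is issued with the https scheme (step 3).
    target = app(u.path, cookies_for(url)) or u.path
    return f"https://{u.netloc}{target}"

def follow(url, upgrade_first, limit=5):
    """Follow redirects like a browser; returns the list of URLs requested."""
    hops = [url]
    while len(hops) <= limit:
        location = respond(hops[-1], upgrade_first)
        if location is None:
            break
        hops.append(location)
    return hops

if __name__ == "__main__":
    for mode in (False, True):
        print(f"upgrade_first={mode}:", " -> ".join(follow(f"http://{HOST}/projects", mode)))
```

In the reported order the original path is lost before the Secure cookie is ever sent, so the user with a valid session ends on the login form; with the scheme upgraded first, the second request carries the cookie and reaches the requested page.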