From 7bc0b978c0e0047f6569040cabae330f8919f0ee Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 11 Apr 2023 17:51:24 +0200
Subject: chore(pdf-as-web): Handle error url not containing an explicit port from TUG: The servlet tries to sanitize the URL by parsing it and writing it back out. In case the input URL doesn't contain an explicit port, URL.getPort() returns -1 which leads to "https://example.com:-1/mypath" in the template which isn't the same origin as without a port and gets rejected by the browser. Instead only add a port to the resulting URL if the input contains one as well.
---
 .../java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
(limited to 'pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets')
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
index 72128a9c..42236f5e 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
@@ -42,8 +42,8 @@ import at.gv.egiz.pdfas.web.helper.HTMLFormater;
 import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
 import at.gv.egiz.pdfas.web.helper.UrlParameterExtractor;
 import at.gv.egiz.pdfas.web.stats.StatisticEvent;
-import at.gv.egiz.pdfas.web.stats.StatisticFrontend;
 import at.gv.egiz.pdfas.web.stats.StatisticEvent.Status;
+import at.gv.egiz.pdfas.web.stats.StatisticFrontend;
 /**
 * Servlet implementation class ErrorPage
@@ -116,11 +116,14 @@ public class ErrorPage extends HttpServlet {
 String template = PdfAsHelper.getErrorRedirectTemplateSL();
 URL url = new URL(errorURL);
- String errorURLProcessed = url.getProtocol() + "://" + // "http" + "://
- url.getHost() + // "myhost"
- ":" + // ":"
- url.getPort() + // "8080"
- url.getPath();
+ String errorURLProcessed = url.getProtocol() + "://" + url.getHost();
+ if (url.getPort() != -1) {
+ errorURLProcessed += ":" + url.getPort();
+
+ }
+
+ errorURLProcessed += url.getPath();
+
 template = template.replace("##ERROR_URL##", errorURLProcessed);
-- cgit v1.2.3
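Review bot: The rebuilt `errorURLProcessed` is still substituted into the template unencoded at `template.replace("##ERROR_URL##", errorURLProcessed)`, and `URL.getPath()` returns the path as it was supplied, so quotes or angle brackets in the input reach the page unless they are encoded somewhere outside this hunk. Nothing visible restricts the scheme either; a guard such as `if (!"http".equals(url.getProtocol()) && !"https".equals(url.getProtocol()))` ahead of the rebuild would keep `file:` or `ftp:` targets out of the template. The value should then be encoded for whatever context the placeholder sits in; the template is not shown here, so whether that is an HTML attribute or a script block needs confirming. The enclosing method starts and ends outside the hunk, so an earlier allow-list check on `errorURL` may already cover part of this, in which case a comment above `new URL(errorURL)` such as `// errorURL was validated against the configured allow-list in <caller>` would make that visible. The blank line added inside the `if` block before its closing brace can be dropped.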