You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a persistent identifier or a filename contains a space character, invalid redirection locations are returned. Redirections with invalid location URIs are causing problems with http clients like org.apache.httpcomponents:httpclient:4.5.*
First redirect: 301 Location: https://viewer.goobi.io/content/PPN407465633d27352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/800/0/00%20000001.tif (ok)
Second redirect: 302 Location: https://viewer.goobi.io/api/v1/records/PPN407465633d27352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/files/images/00 000001/full/800,/0/default.tif (invalid)
Expected: Location: https://viewer.goobi.io/api/v1/records/PPN407465633d27352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/files/images/00%20000001/full/800,/0/default.tif
The result is: {"status":404,"message":"Image source not found: /opt/digiverso/viewer/data/2/media/PPN407465633d27352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/00 000001"}
Status is ok (I tried to fetch a non existing image.), but sending a full path is information disclosure and should be fixed too.
If a persistent identifier or a filename contains a space character, invalid redirection locations are returned. Redirections with invalid location URIs are causing problems with http clients like org.apache.httpcomponents:httpclient:4.5.*
Steps to reproduce:
Case 1: Space character in filename
https://viewer.goobi.io/viewer/content/PPN407465633d27352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/800/0/00%20000001.tif
First redirect: 301
Location: https://viewer.goobi.io/content/PPN407465633d27352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/800/0/00%20000001.tif(ok)Second redirect: 302
Location: https://viewer.goobi.io/api/v1/records/PPN407465633d27352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/files/images/00 000001/full/800,/0/default.tif(invalid)Expected:
Location: https://viewer.goobi.io/api/v1/records/PPN407465633d27352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/files/images/00%20000001/full/800,/0/default.tifThe result is:
{"status":404,"message":"Image source not found: /opt/digiverso/viewer/data/2/media/PPN407465633d27352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/00 000001"}Status is ok (I tried to fetch a non existing image.), but sending a full path is information disclosure and should be fixed too.
Case 2: Space character in persistent identifier
https://viewer.goobi.io/viewer/content/PPN407465633d2%207352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/800/0/00000001.tif
First redirect: 301
Location: https://viewer.goobi.io/content/PPN407465633d2%207352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/800/0/00000001.tif(ok)Second redirect: 302
Location: https://viewer.goobi.io/api/v1/records/PPN407465633d2 7352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/files/images/00000001/full/800,/0/default.tif(invalid)Expected:
Location: https://viewer.goobi.io/api/v1/records/PPN407465633d2%207352e322e27_40636c6173736e756d3d2733322e27_407369673d2733322f303827/files/images/00000001/full/800,/0/default.tifThe result is
HTTP Status 500 – Internal Server Error. I would expect a 404 status here.The text was updated successfully, but these errors were encountered: