The application responded with a redirect with HTTP status code "302 Found" whose page content had significant data volume. Typically, this page content is not displayed because the browser automatically follows the redirect.
Occasionally, redirect responses can contain sensitive data. For example, when users request a resource for which they do not have access permission, an application may issue a redirect to another resource. However, the content of the HTTP response could include the content of that resource for which they do not have access permission.
In this case, however, it is not so.
Preconditions (*)
Tested with 19.4.15,
PHP 7.4, doesn't matter
Steps to reproduce (*)
Go to page catalog advanced search
Start search for something, it doesn't matter
On the results page remove all parameters of the query in the URL
Enter some unknown arguments like result/?datumj%5Bfrom%5D=2&datumj%5Bto%5D=1 and hit enter
Expected result (*)
302 forwarding without containing data results
Error page is shown
Actual result (*)
302 forwarding containing already data results
Request:
Response:
A 302 forward should not contain data, see
20 Content-Length: 107229
3. Error page is shown
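
A check for the finding described in this report, as an added example that is not part of the original issue or the project's code: it parses a raw HTTP/1.x response and flags a redirect that carries more body than a short redirect notice needs. The 1024-byte threshold, the function names and the sample responses are assumptions made for the illustration; only the Content-Length value 107229 comes from the report.

```python
REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def redirect_body_finding(raw: bytes, max_body: int = 1024):
    """Return a finding dict when a 3xx response carries more than
    max_body bytes (assumed threshold), otherwise None."""
    status, headers, body = parse_response(raw)
    if status not in REDIRECT_CODES:
        return None
    declared = headers.get("content-length", "")
    # Use the declared length when present; chunked responses have none,
    # so fall back to the bytes actually captured. Take the larger value
    # so a truncated capture does not hide a large declared body.
    size = max(int(declared) if declared.isdigit() else 0, len(body))
    if size <= max_body:
        return None
    return {"status": status,
            "location": headers.get("location"),
            "body_bytes": size}

# Constructed sample responses; the Location path is a placeholder.
LARGE_302 = (b"HTTP/1.1 302 Found\r\n"
             b"Location: /constructed/target\r\n"
             b"Content-Length: 107229\r\n\r\n"
             b"<html>...capture truncated...")
SMALL_302 = (b"HTTP/1.1 302 Found\r\n"
             b"Location: /constructed/target\r\n"
             b"Content-Length: 11\r\n\r\nRedirecting")
OK_200 = b"HTTP/1.1 200 OK\r\nContent-Length: 5000\r\n\r\n" + b"x" * 5000

if __name__ == "__main__":
    for name, raw in [("large 302", LARGE_302), ("small 302", SMALL_302),
                      ("200", OK_200)]:
        print(name, redirect_body_finding(raw))
```

A flagged response still needs manual review of the body to decide whether it exposes anything the requester should not see.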