You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Consider the following scenario:
Connect to a websocket endpoint ws://myserver.example/myendpoint
The server uses HTTP Basic Auth and redirects you to use wss for obvious security reasons.
(Assume redirect is enabled in tyrus client).
The reason is that tyrus uses the old (original) URL to comply with the authorization challenge, which of course results in another redirect. Since the client already followed the redirect in the current connection attempt, the infinite loop detection kicks in (see here).
I see two possible fixes:
Use the new URL to respond to the 401 challenge
Follow the redirect a second time (in other words: relax the infinite loop detection, maybe by using the threshold parameter)
The text was updated successfully, but these errors were encountered:
Observed in tyrus client 1.17.
Consider the following scenario:
Connect to a websocket endpoint ws://myserver.example/myendpoint
The server uses HTTP Basic Auth and redirects you to use wss for obvious security reasons.
(Assume redirect is enabled in tyrus client).
The flow should be as follows:
Request ws://
Response 301
Request wss:// (without credentials)
Response 401
Request wss:// (with credentials)
The actual flow is:
Request ws://
Response 301
Request wss:// (without credentials)
Response 401
Request ws:// (with credentials)
Response 301
--- infinite loop detected ---
The reason is that tyrus uses the old (original) URL to comply with the authorization challenge, which of course results in another redirect. Since the client already followed the redirect in the current connection attempt, the infinite loop detection kicks in (see here).
I see two possible fixes:
The text was updated successfully, but these errors were encountered: