Skip Menu |

This queue is for tickets about the POE-Component-Client-HTTP CPAN distribution.

Report information
The Basics
Id: 30399
Status: resolved
Priority: 0/
Queue: POE-Component-Client-HTTP

Owner: Nobody in particular
Requestors: hanenkamp [...]

Bug Information
Severity: Critical
Broken in: 0.82
Fixed in: (no value)

Subject: check_redirect() is over-protective when it comes to redirect loops
Download (untitled) / with headers
text/plain 1.3k
If you look at the code for check_redirect() in POE::Component::Client::HTTP::Request, it has this little snippet around line 436: my $prev = $self; my $history = 0; while ($prev = $prev->[REQ_HISTORY]) { $history++; $history = $max + 1 if ($prev->[REQ_REQUEST]->uri eq $new_uri); last if ($history > $max); } This checks for redirect loops. Unfortunately, the line: $history = $max + 1 if ($prev->[REQ_REQUEST]->uri eq $new_uri); breaks when CAS authentication is employed by some CAS clients. In such a case, I might expect the following to happen: 1. I request 2. The server wants to verify my identity, so it redirects me to: 3. The CAS server already notes I'm logged in, so it immediately redirects me back to 4. The service server helpfully redirects me one more time to strip the service ticket from the URL to In this case, the snippet is overly defensive and stops one hop short of the intended final destination. Commenting that line out in the source resolves issue. I suggest that either this be removed or an option be added that allows the end-user to turn it off.
Thanks again. Your suggestion's spot on, and I've applied the change as revision 315.

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to