HTTPURLConnection Doesn’t Follow Redirect from HTTP to HTTPS

by

Redirects are followed only if they use the same protocol. (See the followRedirect() method in the source.) There is no way to disable this check.

Even though we know it mirrors HTTP, from the HTTP protocol point of view, HTTPS is just some other, completely different, unknown protocol. It would be unsafe to follow the redirect without user approval.

For example, suppose the application is set up to perform client authentication automatically. The user expects to be surfing anonymously because he’s using HTTP. But if his client follows HTTPS without asking, his identity is revealed to the server.

More Related Contents:

  1. Spring Boot redirect HTTP to HTTPS
  2. Trusting all certificates using HttpClient over HTTPS
  3. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  4. Unrecognized SSL message, plaintext connection? Exception
  5. How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?
  6. How to handle invalid SSL certificates with Apache HttpClient? [duplicate]
  7. How do I do a HTTP GET in Java? [duplicate]
  8. POST request send JSON data Java HttpUrlConnection
  9. How to connect via HTTPS using Jsoup?
  10. Converting a Java Keystore into PEM Format
  11. HttpURLConnection Invalid HTTP method: PATCH
  12. how to Capture https with fiddler, in java
  13. Simple Java HTTPS server
  14. SSLHandshakeException: No subject alternative names present
  15. How to do dynamic URL redirects in Struts 2?
  16. How to get response body using HttpURLConnection, when code other than 2xx is returned?
  17. Redirect Runtime.getRuntime().exec() output with System.setOut();
  18. Enabling specific SSL protocols with Android WebViewClient
  19. How to override DNS in HTTP connections in Java
  20. Parse JSON from HttpURLConnection object
  21. Read error response body in Java
  22. How do I serve https and http for Jetty from one port?
  23. Cannot write output after reading input
  24. How to modify the header of a HttpUrlConnection
  25. IOException: “Received authentication challenge is null” (Apache Harmony/Android)
  26. Can I override the Host header where using java’s HttpUrlConnection class?
  27. javax.net.ssl.SSLException: SSL handshake aborted Connection reset by peer while calling webservice Android
  28. Android SSL HttpGet (No peer certificate) error OR (Connection closed by peer) error
  29. Android’s HttpURLConnection throws EOFException on HEAD requests
  30. Digest authentication in Android using HttpURLConnection

Leave a Comment