In the cases where url are sent in headers we dont must to sanitize it.

Issue: 103288
genexuslabs · Jun 20, 2023 · 3299bb2 · 3299bb2
1 parent 03c8f6b
commit 3299bb2
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/gxweb/src/main/java/com/genexus/internet/HttpAjaxContext.java b/gxweb/src/main/java/com/genexus/internet/HttpAjaxContext.java
@@ -1358,7 +1358,7 @@ public void redirect_impl(String url, IGXWindow win) {
 
 			if (isSpaRequest(true)) {
 				pushUrlSessionStorage();
-				getResponse().setHeader(GX_SPA_REDIRECT_URL, url + popLvlParm);
+				getResponse().setHeader(GX_SPA_REDIRECT_URL, url + popLvlParm, false);
 				sendCacheHeaders();
 			} else {
 				redirect_http(url + popLvlParm);

diff --git a/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java b/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
@@ -1318,7 +1318,7 @@ protected void redirect_http(String url) {
 				} else {
 					pushUrlSessionStorage();
 					if (useCustomRedirect()) {
-						getResponse().setHeader("Location", url);
+						getResponse().setHeader("Location", url, false);
 						getRequest().setAttribute("gx_webcall_method", "customredirect");
 						getResponse().setStatus(HttpServletResponse.getSC_MOVED_TEMPORARILY());
 					} else {
@@ -1336,7 +1336,7 @@ private void doRedirect(String url) throws IOException {
 		getRequest().setAttribute("gx_webcall_method", "redirect");
 		// getResponse().sendRedirect(url); No retornamos 302 sino 301, debido al SEO.
 		response.setStatus(HttpServletResponse.getSC_MOVED_PERMANENTLY());
-		response.setHeader("Location", url);
+		response.setHeader("Location", url, false);
 		sendCacheHeaders();
 	}