I created a ticket a bit too quickly and saw the message that I should rather submit the bug here first to confirm that it is indeed a bug. So here it is!
I investigated further to find where it came from.
If I call directly the url with a web browser, the url params are ok (not duplicated)
If I change the url in the scheduled task to point to another website on another server, the url params are ok (not duplicated)
If I change back the url in the scheduled task to point to the website on the same server, the url params are duplicated
Maybe it’s not coming from the sender (Lucee), but from the receiver (IIS, Website itself, or whatever is between Lucee and the website like a proxy). I’ll come back when I find out!
In IIS, we use the URL Rewrite to redirect http request to https request, like that :
See the problem? The person who created this rule did a mistake. REQUEST_URI already contains the url params, so if the checkbox Append query string is checked, it will duplicate the url params.
This raises a question. In the scheduled task, the url is well specified in HTTPS. Does Lucee make the HTTP call first anyway?
Besides of what is happening in this issue… is the scheduler server and the web server on the same box in a classic environment? If so, then it would make sense to make the URL call Tomcat directly through port 8888 ( bypassing IIS ).
So, is it possible that Lucee makes the scheduled task call in HTTP even if the url is in HTTPS?
Or maybe it first makes the call over https and it fails for some reason I don’t know, then tries over http, and if there’s a rewrite rule, there’s a redirect and there it works?
Indeed, it is another rewrite rule (canonical domain) that is misconfigured. It redirects to the site in HTTP… Shame on me…
In my defense, I didn’t make this particular website. Sorry to waste so much time on this. Twice it was a rewrite rule issue. Can I buy you a coffee (or a huge bag of coffee beans) to make amends?
It’s all good when you call https://www.example.com in the web browser because the HTTP_HOST will be www.example.com, exactly like the pattern in the URL Rewrite Rule. So no redirect will happens.
But Lucee call the domain with the port like that : https://www.example.com:443, so the HTTP_HOST will be www.example.com:443 and it doesn’t match the pattern, so a redirect happens. But the developer forgot to edit this URL Rewrite Rule when he migrated the site from http to https. The redirection was in http.
I’ll make the correction and maybe adjust the pattern too.
Come on @TonyMonast!!! No shame at all!!! We’ve all been there in very similar situations. That’s been a very interesting read and a very valuable post for future refernce. Glad you worked it out with @martin s and the others help.