From ff78ec00f75d1354445cf39d44fb50aaca9ba753 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Sun, 13 Sep 2009 21:22:17 +0000
Subject: [PATCH] SEC-1226: Additional Javadoc.

---
 .../springframework/security/web/DefaultRedirectStrategy.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
index 1341d567a7..53de3d9a80 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultRedirectStrategy.java
@@ -18,7 +18,9 @@ public class DefaultRedirectStrategy implements RedirectStrategy {
     /**
      * Redirects the response to the supplied URL.
      * <p>
-     * If <tt>contextRelative</tt> is set, the redirect value will be the value after the request context path.
+     * If <tt>contextRelative</tt> is set, the redirect value will be the value after the request context path. Note
+     * that this will result in the loss of protocol information (HTTP or HTTPS), so will cause problems if a
+     * redirect is being performed to change to HTTPS, for example.
      */
     public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
         String finalUrl;