You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Benoit Maisonny <be...@synclude.com> on 2008/04/24 12:05:27 UTC
Default servlet doesn't encode URI on redirect?
Hi,
I see weird URI encoding behaviour from DefaultServlet when a redirect
occurs.
Context: Tomcat 5.5.25, with the Connector configured with
URIEncoding="UTF-8". User wants to list the contents of a directory
served by DefaultServlet. The directory's name contains a non-ASCII
character (e with acute accent, for example: Unicode x00E9).
Use case (see details in HTTP conversation transcript below):
1. User requests URL of a directory without a trailing /. The browser
encodes the special character as %C3%A9.
2. DefaultServlet responds with HTTP 302 redirection with trailing /
but does not encode the URI, so the non-ASCII character travels
unescaped.
3. The browser follows the redirection by encoding the e acute as %E9.
4. DefaultServlet rightfully responds with HTTP 404 because no
directory exists with whatever %E9 is unescaped into in its name.
When the user requests the same directory with the trailing /,
DefaultServlet serves the directory listing as expected.
I suspect someone forgot to encode the URI in the Location: HTTP header
on the 302 response, but maybe there is something missing in our
configuration?
Thanks for any insight,
Benoit
======== REQUEST from a browser ==========
http://localhost:8180/gv-publications/h%C3%A9h%C3%A9/draft
GET /gv-publications/h%C3%A9h%C3%A9/draft HTTP/1.1
Host: localhost:8180
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.14)
Gecko/20080418 Ubuntu/7.10 (gutsy) Firefox/2.0.0.14
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr-fr,en;q=0.7,en-gb;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
======== 1st RESPONSE from Default Servlet =============
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://localhost:8180/gv-publications/héhé/draft/
Transfer-Encoding: chunked
Date: Wed, 23 Apr 2008 13:02:13 GMT
======== 2nd REQUEST by browser (following redirection) =======
http://localhost:8180/gv-publications/h%E9h%E9/draft/
GET /gv-publications/h%E9h%E9/draft/ HTTP/1.1
Host: localhost:8180
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.14)
Gecko/20080418 Ubuntu/7.10 (gutsy) Firefox/2.0.0.14
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr-fr,en;q=0.7,en-gb;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
======== 2nd RESPONSE from Default Servlet =============
HTTP/1.x 404 /gv-publications/h%E9h%E9/draft/
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1168
Date: Wed, 23 Apr 2008 13:02:13 GMT
======== End of HTTP conversation =======================
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Default servlet doesn't encode URI on redirect?
Posted by Mark Thomas <ma...@apache.org>.
Benoit Maisonny wrote:
>
> Sorry, not always easy to keep a thread with the huge traffic on this list.
>
> Christopher Schultz wrote:
> Benoit,
>
> Benoit Maisonny wrote:
> | Christopher Schultz wrote:
> |>
> |> Benoit,
> |>
> |> Benoit Maisonny wrote:
> |> | I suspect someone forgot to encode the URI in the Location: HTTP
> header
> |> | on the 302 response, but maybe there is something missing in our
> |> | configuration?
> |>
> |> What is the default character set of the running JVM?
> |
> | UTF-8, according to java.nio.charset.Charset.defaultCharset().name().
> | The JVM is a 1.6.0_03, BTW.
>
> How about checking the value of the system property "file.encoding"?
>
>> UTF-8 as well.
>
>
>> Benoit
Sorry for the delay in replying. This has been sat in my to do list. This
is https://issues.apache.org/bugzilla/show_bug.cgi?id=43914 which is fixed
in 5.5.26.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Default servlet doesn't encode URI on redirect?
Posted by Benoit Maisonny <be...@synclude.com>.
Sorry, not always easy to keep a thread with the huge traffic on this list.
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Benoit,
>
> Benoit Maisonny wrote:
> | Christopher Schultz wrote:
> |>
> |> Benoit,
> |>
> |> Benoit Maisonny wrote:
> |> | I suspect someone forgot to encode the URI in the Location: HTTP
> header
> |> | on the 302 response, but maybe there is something missing in our
> |> | configuration?
> |>
> |> What is the default character set of the running JVM?
> |
> | UTF-8, according to java.nio.charset.Charset.defaultCharset().name().
> | The JVM is a 1.6.0_03, BTW.
>
> How about checking the value of the system property "file.encoding"?
UTF-8 as well.
Benoit
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkgR2LoACgkQ9CaO5/Lv0PAqTQCfZSxBip+lUCInkgCdSOnKlx0V
> w3kAoKEy/5rMxJVe+Y2wUIRa0+Pk3w3e
> =2jSq
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Default servlet doesn't encode URI on redirect?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Benoit,
Benoit Maisonny wrote:
| Christopher Schultz wrote:
|>
|> Benoit,
|>
|> Benoit Maisonny wrote:
|> | I suspect someone forgot to encode the URI in the Location: HTTP header
|> | on the 302 response, but maybe there is something missing in our
|> | configuration?
|>
|> What is the default character set of the running JVM?
|
| UTF-8, according to java.nio.charset.Charset.defaultCharset().name().
| The JVM is a 1.6.0_03, BTW.
How about checking the value of the system property "file.encoding"?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkgR2LoACgkQ9CaO5/Lv0PAqTQCfZSxBip+lUCInkgCdSOnKlx0V
w3kAoKEy/5rMxJVe+Y2wUIRa0+Pk3w3e
=2jSq
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Default servlet doesn't encode URI on redirect?
Posted by Benoit Maisonny <be...@synclude.com>.
Christopher Schultz wrote:
>
> Benoit,
>
> Benoit Maisonny wrote:
> | I suspect someone forgot to encode the URI in the Location: HTTP header
> | on the 302 response, but maybe there is something missing in our
> | configuration?
>
> What is the default character set of the running JVM?
UTF-8, according to java.nio.charset.Charset.defaultCharset().name().
The JVM is a 1.6.0_03, BTW.
Benoit
>
> - -chris
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Default servlet doesn't encode URI on redirect?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Benoit,
Benoit Maisonny wrote:
| I suspect someone forgot to encode the URI in the Location: HTTP header
| on the 302 response, but maybe there is something missing in our
| configuration?
What is the default character set of the running JVM?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkgQsOQACgkQ9CaO5/Lv0PBnggCgwtS6JrZ7Ten98A7ELJsOF4mi
XXYAoL/6gh+2tmJus0bOvpneUU2TaivA
=PotQ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org