Posted to dev@tomcat.apache.org by bu...@apache.org on 2018/05/29 09:34:39 UTC
[Bug 62415] New: RFC 7230/3986 url requirement that prevents
unencoded brackets should be optional, since it breaks existing sites
https://bz.apache.org/bugzilla/show_bug.cgi?id=62415
Bug ID: 62415
Summary: RFC 7230/3986 url requirement that prevents unencoded
brackets should be optional, since it breaks existing
sites
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: PC
Status: NEW
Severity: blocker
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: remo.meier@adnovum.ch
Target Milestone: ----
About the same as "Bug 60594 - RFC 7230/3986 url requirement that prevents
unencoded curly braces should be optional, since it breaks existing sites" but
for other characters.
e.g. JSON:API specification performs filtering with:
GET /comments?filter[post]=1 HTTP/1.1
see http://jsonapi.org/recommendations/.
In Tomcat it does not seem to be supported anymore. Newer Tomcat sources make
use of:
    String prop =
            System.getProperty("tomcat.util.http.parser.HttpParser.requestTargetAllow");
    if (prop != null) {
        for (int i = 0; i < prop.length(); i++) {
            char c = prop.charAt(i);
            if (c == '{' || c == '}' || c == '|') {
                REQUEST_TARGET_ALLOW[c] = true;
            } else {
                log.warn(sm.getString("http.invalidRequestTargetCharacter",
                        Character.valueOf(c)));
            }
        }
    }
But for some reason it only supports { } and |. It should support [] and likely
any other character as well. Currently it is not possible to use (current)
Tomcat as well for such applications.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62415] RFC 7230/3986 url requirement that prevents unencoded
brackets should be optional, since it breaks existing sites
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62415
Mark Thomas <ma...@apache.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
                 OS|                            |All
             Status|NEW                         |RESOLVED
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
http://jsonapi.org/recommendations/ is not compliant with RFC 7230/3986. I
suggest you open a bug.
Bug 62273 implemented an extended range of options for relaxing the
requirements of RFC 7230/3986 that should be sufficient for you to work-around
the problem until such time that the root causes are fixed.
Note that the indications are that the browser vendors do not consider this
specification non-compliance as a bug.
*** This bug has been marked as a duplicate of bug 62273 ***
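The RFC 3986-compliant form of the JSON:API request discussed in this thread, as an added example that is not part of the original messages or of Tomcat's code: a client-side encoder that percent-encodes every byte the RFC 3986 query grammar does not allow, so the request target is accepted without relaxing the server's parser. The class and method names are hypothetical, and the sample targets are constructed apart from the one quoted in the report.

```java
import java.nio.charset.StandardCharsets;
import java.util.BitSet;

public class QueryEncodingExample {
    // RFC 3986: query = *( pchar / "/" / "?" )
    //           pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
    private static final BitSet QUERY_ALLOWED = new BitSet(128);
    static {
        for (char c = 'a'; c <= 'z'; c++) QUERY_ALLOWED.set(c);
        for (char c = 'A'; c <= 'Z'; c++) QUERY_ALLOWED.set(c);
        for (char c = '0'; c <= '9'; c++) QUERY_ALLOWED.set(c);
        for (char c : "-._~!$&'()*+,;=:@/?".toCharArray()) QUERY_ALLOWED.set(c);
    }

    private static boolean isHex(int b) {
        return (b >= '0' && b <= '9') || (b >= 'A' && b <= 'F') || (b >= 'a' && b <= 'f');
    }

    /** Percent-encodes each byte not allowed in a query; valid %XX triplets are kept as-is. */
    static String encodeQuery(String query) {
        byte[] in = query.getBytes(StandardCharsets.UTF_8);
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < in.length; i++) {
            int b = in[i] & 0xFF;
            boolean triplet = b == '%' && i + 2 < in.length
                    && isHex(in[i + 1]) && isHex(in[i + 2]);
            if (triplet || QUERY_ALLOWED.get(b)) {
                out.append((char) b);           // already legal, copy through
            } else {
                out.append(String.format("%%%02X", b));
            }
        }
        return out.toString();
    }

    /** Encodes only the query part of an origin-form request target (path?query). */
    static String encodeTarget(String target) {
        int q = target.indexOf('?');
        return q < 0 ? target
                : target.substring(0, q + 1) + encodeQuery(target.substring(q + 1));
    }

    public static void main(String[] args) {
        // First target is the request quoted in the report; the others are constructed.
        String[] samples = { "/comments?filter[post]=1",
                "/comments?filter%5Bpost%5D=1", "/search?q={a|b}&pct=100%" };
        for (String s : samples) {
            System.out.println(s + " -> " + encodeTarget(s));
        }
    }
}
```

The encoder treats "&", "=" and "+" as query delimiters and leaves them untouched, so it is meant for a whole query string, not for individual parameter values that may themselves contain those characters.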