You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Rossen Stoyanchev <rs...@pivotal.io> on 2017/06/13 20:30:58 UTC
AsynContext.dispatch() with encoded URI
hi,
The spec says:
"If the AsyncContext was initialized via the startAsync(ServletRequest,
ServletResponse) and the request passed is an instance of
HttpServletRequest , then the dispatch is to the URI returned by
HttpServletRequest.getRequestURI()"
However AsyncContextImpl seems to be using the servletPath:
https://github.com/apache/tomcat/blob/9af8708d7ea3817df47f34146a6ff802d96980fa/java/org/apache/catalina/core/AsyncContextImpl.java#L156-L163
So given a URL with an encoded slash (and
UDecoder.ALLOW_ENCODED_SLASH=true):
/foo/vv%2F1234/add/2
The dispatch ends up going to:
/foo/vv/1234/add/2
Is this intentional? It contradicts the spec.
Thanks,
Rossen
Re: AsynContext.dispatch() with encoded URI
Posted by Rossen Stoyanchev <rs...@pivotal.io>.
Issue created https://bz.apache.org/bugzilla/show_bug.cgi?id=61185.
On Tue, Jun 13, 2017 at 6:25 PM, Mark Thomas <ma...@apache.org> wrote:
> On 13/06/17 21:30, Rossen Stoyanchev wrote:
> > hi,
> >
> > The spec says:
> >
> > "If the AsyncContext was initialized via the startAsync(ServletRequest,
> > ServletResponse) and the request passed is an instance of
> > HttpServletRequest , then the dispatch is to the URI returned by
> > HttpServletRequest.getRequestURI()"
> >
> > However AsyncContextImpl seems to be using the servletPath:
> > https://github.com/apache/tomcat/blob/9af8708d7ea3817df47f34146a6ff8
> 02d96980fa/java/org/apache/catalina/core/AsyncContextImpl.java#L156-L163
> >
> > So given a URL with an encoded slash (and
> > UDecoder.ALLOW_ENCODED_SLASH=true):
> > /foo/vv%2F1234/add/2
> >
> > The dispatch ends up going to:
> > /foo/vv/1234/add/2
> >
> > Is this intentional? It contradicts the spec.
>
> The commit that introduced this change is:
> https://svn.apache.org/viewvc?view=revision&revision=1497474
>
> The fix to ServletRequest.getContextPath() was made a little later:
> https://svn.apache.org/viewvc?view=revision&revision=1593621
>
> This looks like a fairly minor bug that should be an easy fix. Please
> open a bugzilla issue for this.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: AsynContext.dispatch() with encoded URI
Posted by Mark Thomas <ma...@apache.org>.
On 13/06/17 21:30, Rossen Stoyanchev wrote:
> hi,
>
> The spec says:
>
> "If the AsyncContext was initialized via the startAsync(ServletRequest,
> ServletResponse) and the request passed is an instance of
> HttpServletRequest , then the dispatch is to the URI returned by
> HttpServletRequest.getRequestURI()"
>
> However AsyncContextImpl seems to be using the servletPath:
> https://github.com/apache/tomcat/blob/9af8708d7ea3817df47f34146a6ff802d96980fa/java/org/apache/catalina/core/AsyncContextImpl.java#L156-L163
>
> So given a URL with an encoded slash (and
> UDecoder.ALLOW_ENCODED_SLASH=true):
> /foo/vv%2F1234/add/2
>
> The dispatch ends up going to:
> /foo/vv/1234/add/2
>
> Is this intentional? It contradicts the spec.
The commit that introduced this change is:
https://svn.apache.org/viewvc?view=revision&revision=1497474
The fix to ServletRequest.getContextPath() was made a little later:
https://svn.apache.org/viewvc?view=revision&revision=1593621
This looks like a fairly minor bug that should be an easy fix. Please
open a bugzilla issue for this.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org