You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/07/01 20:16:46 UTC
[tomcat] 01/05: Make partial PUT processing optional but still
enabled by default
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit bb497d62e1405c8ba56d1910672d8c476e0b8dba
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Jul 1 13:28:31 2019 +0100
Make partial PUT processing optional but still enabled by default
---
conf/web.xml | 5 +++++
.../apache/catalina/servlets/DefaultServlet.java | 22 ++++++++++++++++++++++
webapps/docs/changelog.xml | 6 ++++++
webapps/docs/default-servlet.xml | 5 +++++
4 files changed, 38 insertions(+)
diff --git a/conf/web.xml b/conf/web.xml
index 4106441..9c0a248 100644
--- a/conf/web.xml
+++ b/conf/web.xml
@@ -104,6 +104,11 @@
<!-- showServerInfo Should server information be presented in the -->
<!-- response sent to clients when directory -->
<!-- listings is enabled? [true] -->
+ <!-- -->
+ <!-- allowPartialPut Should the server treat an HTTP PUT request -->
+ <!-- with a Range header as a partial PUT? Note -->
+ <!-- that RFC 7233 clarified that Range headers are -->
+ <!-- only valid for GET requests. [true] -->
<servlet>
<servlet-name>default</servlet-name>
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java
index d5b9ab0..5ddfcb8 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -271,6 +271,12 @@ public class DefaultServlet extends HttpServlet {
*/
protected transient SortManager sortManager;
+ /**
+ * Flag that indicates whether partial PUTs are permitted.
+ */
+ private boolean allowPartialPut = true;
+
+
// --------------------------------------------------------- Public Methods
/**
@@ -371,6 +377,10 @@ public class DefaultServlet extends HttpServlet {
sortManager = new SortManager(sortDirectoriesFirst);
}
}
+
+ if (getServletConfig().getInitParameter("allowPartialPut") != null) {
+ allowPartialPut = Boolean.parseBoolean(getServletConfig().getInitParameter("allowPartialPut"));
+ }
}
private CompressionFormat[] parseCompressionFormats(String precompressed, String gzip) {
@@ -1444,6 +1454,18 @@ public class DefaultServlet extends HttpServlet {
HttpServletResponse response,
WebResource resource) throws IOException {
+ if (!"GET".equals(request.getMethod())) {
+ // RFC 7233#3.1 clarifies the intention of RFC 2616 was to only
+ // allow Range headers on GET requests. However, many people
+ // incorrectly read RFC 2616#14.35.1 as allowing partial PUT and
+ // implemented. Tomcat was one such implementation. It is optionally
+ // allowed to retain compatibility with clients that use it.
+ if (!allowPartialPut || !"PUT".equals(request.getMethod())) {
+ return FULL;
+ }
+ }
+
+
// Checking If-Range
String headerValue = request.getHeader("If-Range");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3c2105c..14ab5f8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -59,6 +59,12 @@
When comparing a date from a <code>If-Range</code> header, an exact
match is required. Based on a pull request by zhanhb. (markt)
</fix>
+ <fix>
+ Add an option to the default servlet to disable processing of PUT
+ requests with Range headers as partial PUTs. The default behaviour
+ (processing as partial PUT) is unchanged. Based on a pull request by
+ zhanhb. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
diff --git a/webapps/docs/default-servlet.xml b/webapps/docs/default-servlet.xml
index a515f73..cd7d30e 100644
--- a/webapps/docs/default-servlet.xml
+++ b/webapps/docs/default-servlet.xml
@@ -201,6 +201,11 @@ Tomcat.</p>
<property name="sortDirectoriesFirst">
Should the server list all directories before all files. [false]
</property>
+ <property name="allowPartialPut">
+ Should the server treat an HTTP PUT request with a Range header as a
+ partial PUT? Note that RFC 7233 clarified that Range headers are only
+ valid for GET requests. [true]
+ </property>
</properties>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org