You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2018/09/18 09:50:36 UTC
[Bug 62731] New: HandshakeRequest has a relative URL
https://bz.apache.org/bugzilla/show_bug.cgi?id=62731
Bug ID: 62731
Summary: HandshakeRequest has a relative URL
Product: Tomcat 9
Version: 9.0.12
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: boris_petrov@live.com
Target Milestone: -----
I opened an issue in CometD about a NPE in their code:
https://github.com/cometd/cometd/issues/791
According to the supporter of CometD, this is actually an issue with Tomcat:
https://github.com/cometd/cometd/issues/791#issuecomment-422322833
He's saying that "request.getRequestURI()" should return an absolute URI in
order to be able to get the schema as there is no other API for that. Please
check the link for his exact words.
I could probably come up with a reproduction project if one is needed.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62731] HandshakeRequest has a relative URL
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62731
--- Comment #2 from Remy Maucherat <re...@apache.org> ---
But then actually using this sort of input is highly risky :(
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62731] HandshakeRequest has a relative URL
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62731
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Indeed. However, it isn't that different from the current behaviour which only
differs in that the scheme, host and port aren't present. The risky part (the
undecoded, unnormalized path) is the same.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62731] HandshakeRequest has a relative URL
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62731
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Similar to https://github.com/eclipse-ee4j/websocket-api/issues/228
On balance the full, undecoded, unnormalized URI including query string looks
to the the right thing to return.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62731] HandshakeRequest has a relative URL
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62731
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #4 from Mark Thomas <ma...@apache.org> ---
Fixed in:
9.0.x for 9.0.13 onwards
8.5.x for 8.5.35 onwards
7.0.x for 7.0.92 onwards
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org