Fwd: Content-Type is turned to lower when passed through mod_jk - this looks to be a bug.

2017-10-15 Thread Mark O'Donohue 
Hi

Just wanted an opinion on this before I logged a bug report against mod_jk.c


Running our proxied request via mod_jk we are seeing the returned content-type
being changing to all lowercase:

eg:

  Content-Type: application/xxx..+*JSON*; charset=utf-8

to:

  Content-Type: application/xxx..+*json*; charset=utf-8


We thought this was tomcat at first, but turns out to be mod_jk.c that is
the cause :

http://svn.apache.org/repos/asf/tomcat/jk/trunk/native/apache-2.0/mod_jk.c



*for* *(*h *=* 0*;* h *<* num_of_headers*;* h*++)* *{*

*if* *(!*strcasecmp*(*header_names*[*h*],* "Content-type"*))* *{*

char ***tmp *=* apr_pstrdup*(*r*->*pool*,* header_values*[*h
*]);*

ap_content_type_tolower*(*tmp*);*

/* It should be done like this in Apache 2.0 */

/* This way, Apache 2.0 will be able to set the output filter */

/* and it make jk useable with deflate using */

/* AddOutputFilterByType DEFLATE text/html */

ap_set_content_type*(*r*,* tmp*);*

*}*



Now on the validity of upper vs lower - it seems a little bit of a grey
area:

https://www.w3.org/Protocols/rfc1341/4_Content-Type.html



The type, subtype, and parameter names are not case sensitive. For example,
TEXT, Text, and TeXt are all equivalent. Parameter values are normally case
sensitive, but certain parameters are interpreted to be case- insensitive,
depending on the intended use. (For example, multipart boundaries are
case-sensitive, but the "access- type" for message/External-body is not
case-sensitive.)





But as a proxy we dont have an opinion - we just want to pass on what we
get !


Also if we run the request via mod_proxy/*mod_proxy_ajp.c* instead then the
returned content-type header is *not *changed.

So should I open a bug against mod_jk for it?


Cheers - Mark

Re: Tomcat keeps changing my web.xml listener-class

2017-10-15 Thread Blake McBride 
Never mind.  Found the problem.  It wasn't tomcat, it was me.

Thanks!

Blake


On Sun, Oct 15, 2017 at 3:19 PM, Blake McBride  wrote:

> Hi,
>
> I am running tomcat 8.5.16 with 64 bit Oracle Java 8.0.144 on a LinuxMint
> box.  My Java REST app worked fine until I renamed my packages.  So, for
> example, my startup listener was in a package named:
>
> com.abc.utils.StartupListner
>
> webapps/myapp/WEB-INF/web.xml reflected that with:
>
> com.abc.utils.StartupListener
>
> and it all worked.  I change all my classes and I changed
> webapps/myapp/WEB-INF/web.xml to:
>
> io.def.utils.StartupListener
>
> However, whenever I startup tomcat my something is changing
> webapps/myapp/WEB-INF/web.xml back to:
>
> com.abc.utils.StartupListener
>
> I updated webapps/myapp/WEB-INF/web.xml back to:
>
> io.def.utils.StartupListener
>
> and then searched everything in the tomcat tree for "com.abc" but it
> didn't exist anywhere.  However, when I run tomcat again, it again changes
> webapps/myapp/WEB-INF/web.xml back to:
>
> com.abc.utils.StartupListener
>
> My app is not being distributed as a war file.  I have it all extracted
> under the webapps directory.
>
> I can't figure out what is causing tomcat to remember the old package
> path.  Sure appreciate any help.
>
> Thanks!
>
> Blake McBride
>
>
>
>

Tomcat keeps changing my web.xml listener-class

2017-10-15 Thread Blake McBride 
Hi,

I am running tomcat 8.5.16 with 64 bit Oracle Java 8.0.144 on a LinuxMint
box.  My Java REST app worked fine until I renamed my packages.  So, for
example, my startup listener was in a package named:

com.abc.utils.StartupListner

webapps/myapp/WEB-INF/web.xml reflected that with:

com.abc.utils.StartupListener

and it all worked.  I change all my classes and I changed
webapps/myapp/WEB-INF/web.xml to:

io.def.utils.StartupListener

However, whenever I startup tomcat my something is changing
webapps/myapp/WEB-INF/web.xml back to:

com.abc.utils.StartupListener

I updated webapps/myapp/WEB-INF/web.xml back to:

io.def.utils.StartupListener

and then searched everything in the tomcat tree for "com.abc" but it didn't
exist anywhere.  However, when I run tomcat again, it again changes
webapps/myapp/WEB-INF/web.xml back to:

com.abc.utils.StartupListener

My app is not being distributed as a war file.  I have it all extracted
under the webapps directory.

I can't figure out what is causing tomcat to remember the old package
path.  Sure appreciate any help.

Thanks!

Blake McBride

Re: URL-encoding and "#"

2017-10-15 Thread Alex O'Ree 
What was unexpected for me, was that even if the the symbol is URL
encoded, it was still stripped out by tomcat. I understand now
allowing a backslash in a URL, however if it is URL encoded as
%5C then why not allow it? Maybe I'm missing something

On Fri, Oct 13, 2017 at 7:17 AM, i...@flyingfischer.ch
 wrote:
> Am 13.10.2017 um 12:48 schrieb Alex O'Ree:
>> Well that explains a lot. Similar issue for me. With url encoding,  tomcat
>> is dropping back slash and the plus symbol.
>
> While I think it is perfectly eligible to strive for a most perfect
> alignement with standards and specs, I think Tomcat should allow a
> reasonnable set of characters to be optionally allowed (as they already
> are in Tomcat up to 8.5).
>
> I am aware that these options may be a security issue and that the
> documentation should state that clearly. However it is not always
> possible to correct the environment to be "standard" compatible and the
> educational approach by not allowing these options is understandable but
> may be not appropriate in many situations.
>
> Best regards
> Markus
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org