[
https://issues.apache.org/jira/browse/HTTPCLIENT-1995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17153560#comment-17153560
]
Mark Mielke commented on HTTPCLIENT-1995:
-----------------------------------------
There is no requirement that Apache HttpClient uses a broken implementation
from Oracle. I didn't really look if Oracle's implementation is broken or not,
as it is immaterial.
There is also no moral indignation here. Or maybe there is, but that's not
really the intent. This is a *technical* issue. This is a disagreement about
how to interpret a specification, and possibly also a disagreement about
whether it is ok to defer judgement to Oracle's URI class without any
independent thought or check against the specification before using it.
What is material, is that the one version of Apache HttpClient was working, and
then a patch version caused it to no longer be working. This was the result of
a chain of events that comes down to a difference in interpretation, and leads
to the unfortunate conclusion that, as [~olegk] agrees with me: "If you cannot
get over it please disable URI normalization or migrate to anther client."
That's where we are. Oleg's way or the highway. Luckily, there is many highways
available.
> Percent-encoded ampersand in URI path not preserved
> ---------------------------------------------------
>
> Key: HTTPCLIENT-1995
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1995
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5.8, 4.5.9
> Environment: Linux Mint 19, OpenJDK 8
> Reporter: none_
> Priority: Major
>
> Starting with HttpClient 4.5.8, percent-encoded ampersand characters in URI
> path segments are not preserved any longer but written in decoded form to
> wire due to path normalization performed by URIUtils.rewriteURI(URI,
> HttpHost).
>
> According to RFC 3986 (page 11+), the ampersand character is a delimiter and
> thus needs to be percent-encoded when not used for this purpose. Path
> normalization, as performed by HttpClient v4.5.8+, creates a new URI that is
> not equivalent to the original URI and thus leads to misinterpretation on
> server/receiver side.
> ??URIs that differ in the replacement of a reserved character with its??
> ??corresponding percent-encoded octet are not equivalent. Percent-??
> ??encoding a reserved character, or decoding a percent-encoded octet??
> ??that corresponds to a reserved character, will change how the URI is??
> ??interpreted by most applications??.
>
> A very simple test case is as follows:
> {code:java}
> @Test
> public void testAmpersand() throws Throwable
> {
> final URI uri = new
> URI("http://example.org/some/path%26with%20percent/encoded/segments";);
> final URI uri2 = URIUtils.rewriteURI(uri, null);
>
> Assert.assertEquals(uri, uri2);
> }
> {code}
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
