https://bz.apache.org/bugzilla/show_bug.cgi?id=62415
Bug ID: 62415
Summary: RFC 7230/3986 url requirement that prevents unencoded
brackets should be optional, since it breaks existing
sites
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: PC
Status: NEW
Severity: blocker
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: remo.me...@adnovum.ch
Target Milestone: ----
About the same as "Bug 60594 - RFC 7230/3986 url requirement that prevents
unencoded curly braces should be optional, since it breaks existing sites" but
for other characters.
e.g. JSON:API specification performs filtering with:
GET /comments?filter[post]=1 HTTP/1.1
see http://jsonapi.org/recommendations/.
In Tomcat it does not seem to be supported anymore. Newer tomcat sources make
use:
String prop =
System.getProperty("tomcat.util.http.parser.HttpParser.requestTargetAllow");
if (prop != null) {
for (int i = 0; i < prop.length(); i++) {
char c = prop.charAt(i);
if (c == '{' || c == '}' || c == '|') {
REQUEST_TARGET_ALLOW[c] = true;
} else {
log.warn(sm.getString("http.invalidRequestTargetCharacter",
Character.valueOf(c)));
}
}
}
But for some reason it only supports { } and |. It should [] and likely any
other character as well. Currently it is not possible to use (current) Tomcat
as well for such applications.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
