[GitHub] [solr] dsmiley commented on a diff in pull request #585: SOLR-15955: Update Jetty dependency to 10

Fri, 21 Oct 2022 21:17:47 -0700 


dsmiley commented on code in PR #585:
URL: https://github.com/apache/solr/pull/585#discussion_r1002323308


##########
solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java:
##########
@@ -304,7 +304,11 @@ private void init(int port) {
       ServerConnector connector;
       if (sslcontext != null) {
         configuration.setSecureScheme("https");
-        configuration.addCustomizer(new SecureRequestCustomizer());
+        SecureRequestCustomizer customizer = new 
SecureRequestCustomizer(false);
+        sslcontext.setSniRequired(false);
+        customizer.setSniHostCheck(false);

Review Comment:
   Because tests don't need security, I assume?  If JettySolrRunner were moved 
to the test framework, this'd be clearer.  There doesn't appear to be anything 
stopping that.  For another time I suppose.



##########
solr/core/src/java/org/apache/solr/client/solrj/embedded/JettySolrRunner.java:
##########
@@ -452,9 +457,6 @@ public void lifeCycleFailure(LifeCycle arg0, Throwable 
arg1) {
     gzipHandler.setHandler(chain);
 
     gzipHandler.setMinGzipSize(23); // 
https://github.com/eclipse/jetty.project/issues/4191
-    gzipHandler.setCheckGzExists(false);
-    gzipHandler.setCompressionLevel(-1);
-    gzipHandler.setExcludedAgentPatterns(".*MSIE.6\\.0.*");

Review Comment:
   why?



##########
versions.lock:
##########
@@ -369,8 +367,8 @@ org.apache.kerby:kerb-common:1.0.1 (2 constraints: a51841ca)
 org.apache.kerby:kerb-identity:1.0.1 (1 constraints: 5f0cb602)
 org.apache.kerby:kerb-server:1.0.1 (1 constraints: d10b65f2)
 org.apache.kerby:kerb-simplekdc:1.0.1 (1 constraints: dc0d7e3e)
+org.apache.tomcat.embed:tomcat-embed-el:9.0.63 (1 constraints: d01553cf)

Review Comment:
   Where are we using this?



##########
solr/core/src/java/org/apache/solr/servlet/SolrRequestParsers.java:
##########
@@ -670,9 +662,15 @@ public InputStream getStream() throws IOException {
     }
   }
 
+  public static boolean isMultipart(HttpServletRequest req) {
+    // Jetty utilities

Review Comment:
   *not* Jetty utilities.  It *was* using Jetty utilities.  I wrote the code 
being replaced.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to