vttranlina commented on PR #2629: URL: https://github.com/apache/james-project/pull/2629#issuecomment-2642252772
First, I tried configuring this (allowing slash encoding in the path) to keep existing tests unchanged without affecting James' behavior. However, Spark doesn’t provide api to modify this. The issue from Jetty 12, and I’m still stuck how to override its configuration before injecting it into Spark. Jetty provides an example for this setup: [[Jetty ee10-servlet-ambiguous-paths](https://github.com/jetty/jetty-examples/blob/12.0.x/embedded/ee10-servlet-ambiguous-paths/src/main/java/examples/EmbedMe.java)](https://github.com/jetty/jetty-examples/blob/12.0.x/embedded/ee10-servlet-ambiguous-paths/src/main/java/examples/EmbedMe.java) For Spark, injecting a custom Jetty instance requires: Implementing `spark.embeddedserver.jetty.JettyServerFactory` and `spark.embeddedserver.jetty.EmbeddedJettyFactory`. Registering it with: ```java EmbeddedServers.add( EmbeddedServers.Identifiers.JETTY, new CustomEmbedServerFactory()); ``` Despite this, I’m still unsuccessful. --- I then reconsidered why Jetty 12 enforces "Ambiguous URI encoding." Most comment and document relate is for security reasons. I’m questioning whether our current James implementation is correct. The failing tests all involve passing a username with a slash, e.g., `"alice...@domain.tld"` (`"alice/@domain.tld"`). Is this actually valid? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org
