Illegal Character 0xA in Cookie #729

Closed
plutogeek opened this issue Jul 15, 2016 · 1 comment

2016-07-15 16:02:23,363 WARN HttpParser.java 1229 - bad HTTP parsed: 400 Illegal character 0xa in state=HEADER_VALUE in 'GET /dqs/rest/dqs...ive\r\nCookie: \r\n<<<Cookie: 123\r\nCont...arset=utf-8\r\n\r\n>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' for HttpChannelOverHttp@35d17749{r=0,c=false,a=IDLE,uri=-}
org.eclipse.jetty.http.HttpParser$IllegalCharacter: 400: Illegal character 0xa in state=HEADER_VALUE in 'GET /dqs/rest/dqs...ive\r\nCookie: \r\n<<<Cookie: 123\r\nCont...arset=utf-8\r\n\r\n>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
at org.eclipse.jetty.http.HttpParser.parseHeaders(HttpParser.java:1062)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1136)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:236)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:610)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:539)
at java.lang.Thread.run(Thread.java:745)
2016-07-15 16:02:23,365 DEBUG HttpParser.java 1486 - HEADER_VALUE --> CLOSED
2016-07-15 16:02:23,366 DEBUG HttpChannelState.java 173 - HttpChannelState@1466bfda{s=IDLE i=true a=null} handling IDLE

Header:

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:zh-CN,zh;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:_ulta_id.CM-UAT.b737=f218cb4f2cb52606; _ulta_id.ECM-UAT.b737=9e8d0c13b1cbe4eb; _ulta_ses.ECM-UAT.b737=5374b3b1d1c65868
Host:XXXXXXXXX
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36

@joakime joakime changed the title Some clients get an error whenever they send cookie information (jetty 9.3.0.M0) Illegal Character 0xA in Cookie Jul 15, 2016
joakime commented Jul 15, 2016

Your request violates the RFC7230 spec.

We can see from the logs ...

org.eclipse.jetty.http.HttpParser$IllegalCharacter: 400: Illegal character 0xa in state=HEADER_VALUE in 'GET /dqs/rest/dqs...ive\r\nCookie: \r\n<<<Cookie: 123\r\nCont...arset=utf-8\r\n\r\n>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

That your server received a request with a cookie value at the end of the request, which had a "\r\n" and no value.

Both the no-value, and the use of "\r\n" are illegal for a Cookie value per the HTTP spec.

Also, you need to update to a released stable version of Jetty, as Jetty 9.3.0.M0 is an unstable milestone release.

As of today, the latest stable release version is: 9.3.10.v20160621

@joakime joakime closed this as completed Jul 15, 2016