You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Use Servlet provided PathInfo. It is normalized already.
Use most strict compliance mode. http.compliance = RFC7230 should allow to switch back to less strict mode.
The text was updated successfully, but these errors were encountered:
The idea is that our servlets are mapped to /: RequestURI and PathInfo point to the same location. But PathInfo is decoded and normalized, while requestURI is not.
in XP requestURI is later decoded, but not normalized. It leads to problems.
It is also incorrectly decoded as url-form-encoded (basically erroneously converting + into )
Switching from RequestURI to PathInfo eliminates the need for decoding and normalization: Jetty does it for us.
Since path decoding is also ambiguous, Jetty introduced configuration - to fine-tune reaction on ambiguous paths. XP making it as strict as possible in the fix - any ambiguity result in 400 (future Jetty versions have strict mode enabled by default, too)
Use Servlet provided PathInfo. It is normalized already.
Use most strict compliance mode.
http.compliance = RFC7230
should allow to switch back to less strict mode.The text was updated successfully, but these errors were encountered: