Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UriCompliance mode improvements #6132 #6137

Merged
merged 4 commits into from
Apr 8, 2021
Merged

UriCompliance mode improvements #6132 #6137

merged 4 commits into from
Apr 8, 2021

Conversation

gregw
Copy link
Contributor

@gregw gregw commented Apr 5, 2021
edited

Fixes #6132
This PR reverts the default behaviour to allows URIs that contain %2F. I'm only 80% convinced of this and we need to consider really carefully before changing the default again.

The PR also contains a non-string based way to create custom UriCompliance instances.
It also introduces a new Violation that will allow ambiguous Uri to be passed to the application without extra normalisation.

@gregw
Resolve #6132
8e328c6 
Improve configuration of ambiguous URI handling
@gregw gregw requested review from sbordet and joakime April 5, 2021 22:18
@gregw gregw changed the title Resolve #6132 UriCompliance mode improvements #6132 Apr 6, 2021
@gregw gregw requested a review from sbordet April 6, 2021 11:51
joakime
joakime requested changes Apr 6, 2021
View reviewed changes
Copy link
Contributor

@joakime joakime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor changes.

jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java Outdated Show resolved Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java Outdated Show resolved Hide resolved
@gregw gregw requested a review from joakime April 6, 2021 12:56
joakime
joakime requested changes Apr 6, 2021
View reviewed changes
Copy link
Contributor

@joakime joakime left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason that the private UriCompliance(String name, Set<Violation> violations) is still private?
Can it be public to allow embedded users a better API?

Never mind, the .from(Set) API is sufficient.

jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java Outdated Show resolved Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java Outdated Show resolved Hide resolved
jetty-http/src/main/java/org/eclipse/jetty/http/UriCompliance.java Outdated Show resolved Hide resolved
@gregw
Copy link
Contributor Author

gregw commented Apr 6, 2021

@joakime with regards to the from API, that doesn't allow us to set a name... do you think we should also allow custom mode names?

@gregw gregw requested review from joakime and sbordet April 6, 2021 21:09
@gregw
Copy link
Contributor Author

gregw commented Apr 7, 2021

@joakime nudge

@gregw
Copy link
Contributor Author

gregw commented Apr 8, 2021

@joakime something strange is happening.... you've approved the changes, but I'm still seeing a red cross and requested changes from you??? What does this issue look like to you?

@gregw
Copy link
Contributor Author

gregw commented Apr 8, 2021

Oh... as soon as I commented it went green! strange!!!

@gregw gregw merged commit b56edf5 into jetty-10.0.x Apr 8, 2021
@gregw gregw deleted the jetty-10.0.x-6132-ambiguous-uris branch April 8, 2021 02:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joakime joakime joakime approved these changes

@sbordet sbordet sbordet approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@gregw @joakime @sbordet