-
Notifications
You must be signed in to change notification settings - Fork 161
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: fix client requests with windows. #12279
Conversation
We really really should not be using Not Escaped:
" |
Windows vite requests will contain the path with the drive which contains `:` so it cannot be encoded to `%3A` as then the devServer returns a 404
a96f542
to
1e947ac
Compare
@@ -695,7 +695,10 @@ public boolean serveDevModeRequest(HttpServletRequest request, | |||
requestFilename = "/VAADIN/static" + requestFilename; | |||
} | |||
|
|||
String devServerRequestPath = UrlUtil.encodeURI(requestFilename); | |||
// Dev server request can have an absolute system path making | |||
// it required to not encode ':' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the wrong place to change. URLs are URLs, there is nothing special about the dev server?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well then the "fixed" url can not be used with Location as "abc:foo/bar" will read as has scheme so it's relative which is not accepted for a location. Wasn't this change made just to support spaces?
@@ -51,7 +53,7 @@ public static void verifyRelativePath(String path) { | |||
// Ignore forbidden chars supported in route definitions | |||
String strippedPath = path.replaceAll("[{}*]", ""); | |||
|
|||
URI uri = new URI(UrlUtil.encodeURI(strippedPath)); | |||
URI uri = new URI(URLEncoder.encode(strippedPath, UTF_8.name())); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is also wrong. What are you trying to fix here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks to me like this is using the wrong URI constructor. The parameter passed is not a full URL but a path and an appropriate constructor should be used
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe it should use public URI(String scheme, String host, String path, String fragment)
with everything except the path
parameter set to null
769c81e
to
55d2f44
Compare
SonarQube analysis reported 2 issues
|
An alternative fix that tries to address all potential problems in #12291 |
Windows vite requests will
contain the path with the drive
which contains
:
so it cannot beencoded to
%3A
as then thedevServer returns a 404