Closed
Bug 1451347
Opened 6 years ago
Closed 6 years ago
|, {, } are not encoded as should be in RFC 7230 and RFC 3986
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: psuwala, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 Steps to reproduce: Visiting any page on newer Tomcat 9.0.* and >8.5.12 using '{', '}' or '|' in url will make request rejected. Actual results: This will happen on server: java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:476) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:687) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) As characters are not escaped, and page will be displayed with 400. Expected results: Page should be displayed.
Reporter | ||
Updated•6 years ago
|
OS: Unspecified → Mac OS X
Reporter | ||
Updated•6 years ago
|
Hardware: Unspecified → x86_64
Comment 1•6 years ago
|
||
Can you please provide the URL you are having issues with?
Flags: needinfo?(psuwala)
Updated•6 years ago
|
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Reporter | ||
Comment 2•6 years ago
|
||
Hello, This error is concerned with this: https://bz.apache.org/bugzilla/show_bug.cgi?id=60594. Newest browser should already escape '{|}'. Examples of urls: http://my.com?filter={"search":"isvalid"} http://localhost:8090/jira/browse/SSP-15?jql=%20text%20=%20{ksi|delta} It is possible in 8.5.* tomcat to allow '{|}' however in 9.0.* it is not.
Flags: needinfo?(psuwala)
Comment 3•6 years ago
|
||
Per https://url.spec.whatwg.org/#query-state {|} do not need to be encoded in the query Firefox exhibits the same behaviour as other browsers.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•