Commit Graph

2118 Commits

Author SHA1 Message Date
Joakim Erdfelt 793bee9e14
Issue #8716 - Handle bad host/authority headers better (#8717)
* Issue #8716 - Handle bad host/authority headers better
* Remove extra `Host` header in testcase that doesn't deal with bad Host headers
* Create URIUtil.isRegName
* Correcting HostPortTest.testValidAuthority
* Correcting RequestTest.testInvalidHostHeader
* Remove clonable, set to final

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-11-08 18:08:20 -06:00
Joakim Erdfelt 3faa2fcd16
Issue #8628 - pseudo restore PathMappings.getMatch(String)
+ This returns a MappedResource, but not
  the stored instance, but a new instance
  of MappedResource every time.

+ Flagged deprecated APIs for removal
  as well

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-09-28 11:25:16 -05:00
Olivier Lamy dbd07146ec
merge back release branch to bump version to 10.0.13-SNAPSHOT (#8593)
* Updating to version 10.0.12

* Updating to version 10.0.13-SNAPSHOT

* VERSION.TXT =+ content of jetty-9.4.49.v20220914 release

* remove strange line and reorder
2022-09-16 19:50:12 +10:00
Simone Bordet 77ad0189ba
Fixes #8532 - Review System.nanoTime() usages. (#8535)
* Fixes #8532 - Review System.nanoTime() usages.

Introduced o.e.j.util.NanoTime class to deal with nanoTimes.

Now NanoTime.now() should be used instead of System.nanoTime(),
and various <unit>[elapsed|since|until]() methods to calculate nanoTimes.

Furthermore, comparing 2 nanoTimes should be done via isBefore(),
rather than using the < operator, which is wrong as specified in
the System.nanoTime() javadocs.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-09-06 09:30:02 +02:00
Joakim Erdfelt 64d12e2a5a
Merge Release 10.0.11 back into `jetty-10.0.x` branch (#8194)
* Updating to version 10.0.11

* Updating to version 10.0.12-SNAPSHOT
2022-06-22 16:24:48 -05:00
Joakim Erdfelt 5fddbf9bb1
Issue #8184 - Correcting match logic for multiple servlet suffix url-pattern (#8185)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-21 15:24:39 -05:00
Joakim Erdfelt c2bc103cb9
Merge Release 10.0.10 back into `jetty-10.0.x` (#8180)
* Updating to version 10.0.11-SNAPSHOT
2022-06-21 14:41:41 +02:00
Joakim Erdfelt 1b4f941942
RegexPathSpec documentation and MatchedPath improvements (#8163)
* More documentation

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-16 13:53:04 -05:00
Joakim Erdfelt d63569d025
Migrate code from jetty-util Logger to slf4j Logger (#8162)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-15 20:01:48 +02:00
Joakim Erdfelt 8de55150fe
Cherry-pick of Improvements to PathSpec for Jetty 10.0.x (#8136)
* Cherry-pick of Improvements to PathSpec.
* From commit: 5b4d1dd1c6
* Fixing ConstraintSecurityHandler usage of PathMappings
* Fixing bad INCLUDE logic from cherry-pick in ServletHandler.doScope()
* Cleanup of non ServletPathSpec behaviors in ServletPathMapping class
* Skip optional group name/info lookup if regex fails.
* Prevent NPE on static servletPathMappings
* Update WebSocketMappings to use new PathMappings.getMatched(String)

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-08 12:36:30 -05:00
Greg Wilkins 7a1c165677
Implement #8057 103 Early Hint (#8058)
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2022-06-01 11:56:54 +10:00
Simone Bordet d1e64f4693
Fixes #8014 - Review HttpRequest URI construction. (#8015)
Fixes #8014 - Review HttpRequest URI construction.

Now always adding a "/" before the path, if not already present.
Disabled flakey HTTP/3 test.
Parse CONNECT URIs as Authority

Co-authored-by: Greg Wilkins <gregw@webtide.com>
2022-05-26 18:13:17 +10:00
Greg Wilkins e12d5d58b6
Jetty 10 7918 root pathspec (#7920)
Fix #7918 Root path spec
Handle root pathspec in PathMappings.asPathSpec
Introduce protected asPathSpec to allow for extensibility

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-04-26 19:04:17 +02:00
Greg Wilkins 5fc63bf8e8
Issue #7748 - Merge PathSpec improvements made in 9.4.x (#7845)
* Fixes to backport of #7748

+ Backport of #7748
+ Fix RegexPathSpec pathInfo
+ Fix UriTemplatePathSpec pathInfo
+ Test regression option to 93 behaviour

* small optimization

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-04-06 11:14:52 +02:00
Joakim Erdfelt 16420f0181
Set version to `10.0.10-SNAPSHOT` (#7823)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-04-03 20:33:44 +10:00
Joakim Erdfelt f079949a35
Merge Release 10.0.9 (#7821)
* Updating to version 10.0.9

* Updating to version 10.0.10
2022-04-02 08:43:44 -05:00
Jaroslaw Rzeszotko a35719367b
Issue #7683 - Use direct buffers for gzip input/output, if configured.
Use direct buffers for gzip input/output, if configured.
Code cleanups.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-03-24 17:59:49 +01:00
Simone Bordet a4fda96f49
Updating to version 10.0.9-SNAPSHOT 2022-02-07 12:02:02 +01:00
Simone Bordet 716c7afd8e
Updating to version 10.0.8 2022-02-07 11:34:12 +01:00
Joakim Erdfelt cb127793e5
Happy New Year 2022 (#7459)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-01-27 10:42:30 -06:00
mszabo-wikia fd2407c72f
Clarify that requestHeaderSize is a cumulative limit (#7417)
* Clarify that requestHeaderSize is a cumulative limit

HttpConfiguration documents the requestHeaderSize configuration option
as being a limit on the size of a single request header, but it is in
fact a limit on the cumulative size of all request headers as well as
the request URI. This patch updates the documentation accordingly, and
adds test cases for the HTTP/1.x and HTTP/2 parsers to verify the
behavior.

NB.: the HTTP/3 parser and configuration seem to correctly document this
option as being a global limit on header size.

* Improve requestHeaderSize tests and documentation per review

Signed-off-by: Máté Szabó <mszabo@wikia-inc.com>
2022-01-19 11:56:27 -06:00
Simone Bordet 3042f2b2bf
Fixes #7348 - Slow CONNECT request causes NPE (#7349) (#7352)
* Fixes #7348 - Slow CONNECT request causes NPE (#7349)

Added NPE guard in `HttpReceiverOverHTTP.onUpgradeFrom()`.
Expanded logic in `HttpReceiverOverHTTP.parse()` to return true in case of CONNECT + 200.

Fixed `ProxyConnection.toConnectionString()` to avoid NPEs.

Fixed `HttpClientTest.testCONNECTWithHTTP10()` logic
after changes to fix this issue.

Now a tunneled connection is not put back into the connection pool,
and if applications explicitly want to use it, they must re-enable
fill interest, similarly to what should be done after upgrade+101.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 5eb7b70df7)
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-01-06 11:08:12 +01:00
Simone Bordet 578ae30311 Issue #6728 - QUIC and HTTP/3
Added http3 Jetty module and distribution test.
Implemented simple logic to send the Alt-Svc header in HTTP/2 responses.
Updated JNA dependency to use jna-jpms.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts a95fe3bfb8 Improvements & bug fixes from testing
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts 3a6a3e094d Use MetaData instead of HttpFields for QPACK
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts da50072cc8 The QpackEncoder should be able to use PreEncodedHttpFields.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts bdf44b8e22 Work through examples B.1. and B.2. from spec and fix bugs.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts 7abb1e62f2 Issue #7160- Add AMBIGUOUS_PATH_ENCODING to default UriCompliance mode.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-11-30 16:51:58 +11:00
Lachlan ec221865b6
Merge pull request #6978 from eclipse/jetty-10.0.x-4275-ambiguousparam
Improve #4275 ambiguous URIs (#6939)
2021-10-21 17:48:33 +11:00
Lachlan Roberts 866f4517db Improve #4275 ambiguous URIs (#6939)
* Improve #4275 ambiguous URIs

A URI like `/foo/%2e%2e;/bar` should be ambiguous both because of the encoded dots and because of the parameters.  This means that the default setting of jetty-9 is a bit more secure as this path is considered ambiguous if either Violation.SEGMENT or Violation.PARAM is set.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-10-12 18:22:12 +11:00
Joakim Erdfelt cfc67f86d2 Updating to version 10.0.8-SNAPSHOT 2021-10-06 14:51:32 -05:00
Joakim Erdfelt da8a4553af Updating to version 10.0.7 2021-10-06 14:32:37 -05:00
Simone Bordet 0412bdc3d9 Fixes #6938 - module-info.java file do not use the canonical order for the elements
Changed order of entries in module-info.java to be canonical

(cherry picked from commit 02691171d5)
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-10-01 09:25:55 +02:00
Olivier Lamy 51d44a3401
use dependencyManagement for internal dependencies (#6940)
Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>
2021-09-30 16:57:19 +10:00
dependabot[bot] b44dde6098
Bump maven-enforcer-plugin from 3.0.0-M3 to 3.0.0 (#6755)
* Bump maven-enforcer-plugin from 3.0.0-M3 to 3.0.0

Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.0.0-M3 to 3.0.0.
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](https://github.com/apache/maven-enforcer/compare/enforcer-3.0.0-M3...enforcer-3.0.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix some upper bound issues and exclude more javax

Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>

* fix upperbound dependencies issue with enforcer plugin upgrade

Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>

* exclude this wrong which makes enforcer plugin fail and btw it's not used

Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>

* fix last enforcer upperbound issues

Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Olivier Lamy <oliver.lamy@gmail.com>
2021-09-14 06:10:48 +10:00
Lachlan 0a78b9845d
Merge pull request #6657 from eclipse/jetty-10.0.x-6642-WebSocketConnectionHeaders
Issue #6642 - WebSocket handling of Connection: upgrade,close.
2021-08-31 14:25:47 +10:00
Lachlan Roberts 949aa6c342 Issue #6642 - move shutdown logic into HttpChannelOverHTTP and HttpConnection
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-27 11:53:54 +10:00
Lachlan Roberts fa316fc20d Issue #6642 - never shutdown output after generating a request.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-26 13:09:36 +10:00
Lachlan Roberts cb9a8d4060 Issue #6642 - change HttpGenerator state to END before returning
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-25 11:27:56 +10:00
Lachlan Roberts f7d9d8fcf8 Issue #6642 - prevent connection close after websocket upgrade
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-24 19:39:34 +10:00
Joakim Erdfelt 5dcc14b114
Merge pull request #6551 from eclipse/jetty-10.0.x-6545-refresh-mimetypes
Issue #6545 - Add more mime-types
2021-07-28 05:47:36 -05:00
Ludovic Orban bd11d6f682 #6491 add defensive check and introduce HttpParser.isTerminated()
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
2021-07-28 10:14:19 +02:00
Joakim Erdfelt 8971ea991f
Issue #6545 - Add more mime-types
+ Adding webp + avif + apng based on current
  `Accept` header offerings from current browsers.

Firefox 90.0
`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8`

Chrome 92.0.4515.107
`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9`

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-07-27 11:48:39 -05:00
Joakim Erdfelt 92b6f336b6
Merge pull request #6503 from eclipse/release-10.0.6
Merge Release 10.0.6
2021-07-07 08:21:20 -05:00
Greg Wilkins 8945a58ffc
Reduce header cache memory usage on non persistent requests (#6494)
Delay creating a header cache until a second request on a parser.
Refactored cache code into subclass

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2021-07-07 12:51:06 +10:00
Lachlan 259f9af9c9
Merge pull request #6490 from eclipse/jetty-10.0.x-6489-UriCompliance
Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
2021-07-06 15:58:51 +10:00
Lachlan Roberts 76ab749aca Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-07-01 17:52:07 +10:00
Lachlan Roberts b82b46243d Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-07-01 17:27:17 +10:00
Joakim Erdfelt c245a70893 Updating to version 10.0.7-SNAPSHOT 2021-06-29 10:51:22 -05:00
Joakim Erdfelt 37e7731b4b Updating to version 10.0.6 2021-06-29 10:27:56 -05:00