Commit Graph

2143 Commits

Author SHA1 Message Date
Lachlan Roberts 2d935efe4d Issue #9554 - changes from review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2023-05-04 09:26:31 +10:00
Lachlan Roberts 0e5a8d6bc0 align the vchar javadoc in HttpTokens.sanitizeFieldVchar
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2023-05-02 12:10:09 +10:00
Lachlan Roberts c2d2c1eadb Issue #9554 - changes from review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2023-05-01 19:23:57 +10:00
Lachlan Roberts d0294fc10c Issue #9554 - changes from review
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2023-05-01 18:05:55 +10:00
Lachlan Roberts fa32199559 Merge remote-tracking branch 'origin/jetty-10.0.x' into jetty-10.0.x-9554-qpack-hpack 2023-04-28 16:25:34 +10:00
Lachlan Roberts a7b0b727dd Issue #9554 - add javadoc for huffman / n-bit integer classes and remove static decode methods
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2023-04-18 15:24:59 +10:00
Lachlan Roberts 09e6e6b211 Issue #9554 - add javadoc for illegal vchar methods and move to HttpTokens
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2023-04-18 10:46:29 +10:00
Lachlan Roberts c3b6b47915 Use ISO-8859-1 for encoding/decoding in huffman/hpack/qpack
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2023-04-17 17:11:14 +10:00
Joakim Erdfelt ca3c1756ad
Updating to version 10.0.16-SNAPSHOT 2023-04-11 13:23:25 -05:00
Joakim Erdfelt 68017dbd00
Updating to version 10.0.15 2023-04-11 12:24:32 -05:00
Lachlan Roberts ebec7d2ea3 Issue #9554 - move common hpack/qpack code to jetty-http
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2023-04-11 16:51:37 +10:00
Joakim Erdfelt 17aa0c5ab9
Fixing #9517 - bad url-pattern prefix match behavior (#9518)
* Fixing #9517 - bad url-pattern prefix match behavior

Fixed regression where `/foo/*` was incorrectly matching `/foobar`.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: gregw <gregw@webtide.com>
2023-03-20 17:53:40 +01:00
Greg Wilkins 659f16d1c0
Fix #9468 Space in Cookie name (#9471)
Added a violation to allow unquoted spaces in cookie values

Signed-off-by: gregw <gregw@webtide.com>
2023-03-08 21:07:14 +01:00
Olivier Lamy e62cc0344a Updating to version 10.0.15-SNAPSHOT 2023-03-01 18:55:10 +10:00
Greg Wilkins 4d146412c8
Fix #9334 Cookie Compliance (#9402)
Fix incorrect change to RFC6265 to not support dollars in cookie names.

Signed-off-by: gregw <gregw@webtide.com>
2023-02-21 21:31:43 +11:00
gregw 7a7d69a69f Happy no year
Remove modification date from copyright notice and instead just have the
project inception year.

Signed-off-by: gregw <gregw@webtide.com>
2023-02-15 15:22:32 +11:00
gregw 53fa2489b2 fixed commented out test in CookieCutterTest
Signed-off-by: gregw <gregw@webtide.com>
2023-02-15 08:55:23 +11:00
Simone Bordet 7b8c2c1bf0
Fix/jetty 10 9334 review cookie cutter (#9339)
Cookie cleanup
+ New Cookie parser with clearer focus on RFC6265.
+ Better compliance modes for RFC2965
+ Introduced CookieParser interface so that old and new parsers can coexist and be selected by compliance mode.

---------

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2023-02-15 08:38:24 +11:00
Greg Wilkins 3a7865546c
Updated javascript mimetypes (#9347)
+ Updated js to text/javascript
 + added mjs extension

Signed-off-by: gregw <gregw@webtide.com>
2023-02-14 18:07:48 +11:00
Greg Wilkins 5f25f5b389
Fix/jetty 10.0.x/uri host mismatch alt (#9343)
* Introduce HttpCompliance.MISMATCHED_AUTHORITY

* Update HttpCompliance.RFC2616

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Update NcsaRequestLogTest.testAbsolute

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Use RFC2616 mode in RFC2616 tests

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Alternative fix for mismatched host headers

This PR fixes the miss-matched host header issue in the Request.setMetaData method. This requires no change to the HttpParser.
A more comprehensive fix can be considered for jetty-12.

Signed-off-by: gregw <gregw@webtide.com>

* Alternative fix for mismatched host headers

Updates from review

Signed-off-by: gregw <gregw@webtide.com>

---------

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2023-02-14 07:43:19 +11:00
Joakim Erdfelt 016de2faeb
Jetty 10 - Configurable Unsafe Host Header (#9283)
* Adding HttpCompliance.DUPLICATE_HOST_HEADERS
  + Optional compliance that allowance duplicate host headers.
* Adding HttpCompliance.UNSAFE_HOST_HEADER
  + Optional compliance that allows unsafe host headers.
* Adding warning logging for bad Host / authority situations

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2023-02-03 08:30:07 -06:00
dependabot[bot] ca19b143a9
Bump maven.surefire.plugin.version from 3.0.0-M5 to 3.0.0-M8 (#9255) 2023-02-02 04:15:39 +00:00
Greg Wilkins 4916377686
PathMappings optimizations (#9055)
* Avoid iterations if only ServletPathSpec instances
* Avoid tests for empty mappings.
* Better reset implementation
* More test coverage
2022-12-20 11:08:40 +11:00
Joakim Erdfelt 54c4c03244
Updating to version 10.0.14-SNAPSHOT 2022-12-07 14:33:17 -06:00
Joakim Erdfelt 1c2636ea05
Updating to version 10.0.13 2022-12-07 14:12:50 -06:00
Joakim Erdfelt 793bee9e14
Issue #8716 - Handle bad host/authority headers better (#8717)
* Issue #8716 - Handle bad host/authority headers better
* Remove extra `Host` header in testcase that doesn't deal with bad Host headers
* Create URIUtil.isRegName
* Correcting HostPortTest.testValidAuthority
* Correcting RequestTest.testInvalidHostHeader
* Remove clonable, set to final

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-11-08 18:08:20 -06:00
Joakim Erdfelt 3faa2fcd16
Issue #8628 - pseudo restore PathMappings.getMatch(String)
+ This returns a MappedResource, but not
  the stored instance, but a new instance
  of MappedResource every time.

+ Flagged deprecated APIs for removal
  as well

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-09-28 11:25:16 -05:00
Olivier Lamy dbd07146ec
merge back release branch to bump version to 10.0.13-SNAPSHOT (#8593)
* Updating to version 10.0.12

* Updating to version 10.0.13-SNAPSHOT

* VERSION.TXT =+ content of jetty-9.4.49.v20220914 release

* remove strange line and reorder
2022-09-16 19:50:12 +10:00
Simone Bordet 77ad0189ba
Fixes #8532 - Review System.nanoTime() usages. (#8535)
* Fixes #8532 - Review System.nanoTime() usages.

Introduced o.e.j.util.NanoTime class to deal with nanoTimes.

Now NanoTime.now() should be used instead of System.nanoTime(),
and various <unit>[elapsed|since|until]() methods to calculate nanoTimes.

Furthermore, comparing 2 nanoTimes should be done via isBefore(),
rather than using the < operator, which is wrong as specified in
the System.nanoTime() javadocs.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-09-06 09:30:02 +02:00
Joakim Erdfelt 64d12e2a5a
Merge Release 10.0.11 back into `jetty-10.0.x` branch (#8194)
* Updating to version 10.0.11

* Updating to version 10.0.12-SNAPSHOT
2022-06-22 16:24:48 -05:00
Joakim Erdfelt 5fddbf9bb1
Issue #8184 - Correcting match logic for multiple servlet suffix url-pattern (#8185)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-21 15:24:39 -05:00
Joakim Erdfelt c2bc103cb9
Merge Release 10.0.10 back into `jetty-10.0.x` (#8180)
* Updating to version 10.0.11-SNAPSHOT
2022-06-21 14:41:41 +02:00
Joakim Erdfelt 1b4f941942
RegexPathSpec documentation and MatchedPath improvements (#8163)
* More documentation

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-16 13:53:04 -05:00
Joakim Erdfelt d63569d025
Migrate code from jetty-util Logger to slf4j Logger (#8162)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-15 20:01:48 +02:00
Joakim Erdfelt 8de55150fe
Cherry-pick of Improvements to PathSpec for Jetty 10.0.x (#8136)
* Cherry-pick of Improvements to PathSpec.
* From commit: 5b4d1dd1c6
* Fixing ConstraintSecurityHandler usage of PathMappings
* Fixing bad INCLUDE logic from cherry-pick in ServletHandler.doScope()
* Cleanup of non ServletPathSpec behaviors in ServletPathMapping class
* Skip optional group name/info lookup if regex fails.
* Prevent NPE on static servletPathMappings
* Update WebSocketMappings to use new PathMappings.getMatched(String)

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-08 12:36:30 -05:00
Greg Wilkins 7a1c165677
Implement #8057 103 Early Hint (#8058)
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2022-06-01 11:56:54 +10:00
Simone Bordet d1e64f4693
Fixes #8014 - Review HttpRequest URI construction. (#8015)
Fixes #8014 - Review HttpRequest URI construction.

Now always adding a "/" before the path, if not already present.
Disabled flakey HTTP/3 test.
Parse CONNECT URIs as Authority

Co-authored-by: Greg Wilkins <gregw@webtide.com>
2022-05-26 18:13:17 +10:00
Greg Wilkins e12d5d58b6
Jetty 10 7918 root pathspec (#7920)
Fix #7918 Root path spec
Handle root pathspec in PathMappings.asPathSpec
Introduce protected asPathSpec to allow for extensibility

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-04-26 19:04:17 +02:00
Greg Wilkins 5fc63bf8e8
Issue #7748 - Merge PathSpec improvements made in 9.4.x (#7845)
* Fixes to backport of #7748

+ Backport of #7748
+ Fix RegexPathSpec pathInfo
+ Fix UriTemplatePathSpec pathInfo
+ Test regression option to 93 behaviour

* small optimization

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-04-06 11:14:52 +02:00
Joakim Erdfelt 16420f0181
Set version to `10.0.10-SNAPSHOT` (#7823)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-04-03 20:33:44 +10:00
Joakim Erdfelt f079949a35
Merge Release 10.0.9 (#7821)
* Updating to version 10.0.9

* Updating to version 10.0.10
2022-04-02 08:43:44 -05:00
Jaroslaw Rzeszotko a35719367b
Issue #7683 - Use direct buffers for gzip input/output, if configured.
Use direct buffers for gzip input/output, if configured.
Code cleanups.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-03-24 17:59:49 +01:00
Simone Bordet a4fda96f49
Updating to version 10.0.9-SNAPSHOT 2022-02-07 12:02:02 +01:00
Simone Bordet 716c7afd8e
Updating to version 10.0.8 2022-02-07 11:34:12 +01:00
Joakim Erdfelt cb127793e5
Happy New Year 2022 (#7459)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-01-27 10:42:30 -06:00
mszabo-wikia fd2407c72f
Clarify that requestHeaderSize is a cumulative limit (#7417)
* Clarify that requestHeaderSize is a cumulative limit

HttpConfiguration documents the requestHeaderSize configuration option
as being a limit on the size of a single request header, but it is in
fact a limit on the cumulative size of all request headers as well as
the request URI. This patch updates the documentation accordingly, and
adds test cases for the HTTP/1.x and HTTP/2 parsers to verify the
behavior.

NB.: the HTTP/3 parser and configuration seem to correctly document this
option as being a global limit on header size.

* Improve requestHeaderSize tests and documentation per review

Signed-off-by: Máté Szabó <mszabo@wikia-inc.com>
2022-01-19 11:56:27 -06:00
Simone Bordet 3042f2b2bf
Fixes #7348 - Slow CONNECT request causes NPE (#7349) (#7352)
* Fixes #7348 - Slow CONNECT request causes NPE (#7349)

Added NPE guard in `HttpReceiverOverHTTP.onUpgradeFrom()`.
Expanded logic in `HttpReceiverOverHTTP.parse()` to return true in case of CONNECT + 200.

Fixed `ProxyConnection.toConnectionString()` to avoid NPEs.

Fixed `HttpClientTest.testCONNECTWithHTTP10()` logic
after changes to fix this issue.

Now a tunneled connection is not put back into the connection pool,
and if applications explicitly want to use it, they must re-enable
fill interest, similarly to what should be done after upgrade+101.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 5eb7b70df7)
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-01-06 11:08:12 +01:00
Simone Bordet 578ae30311 Issue #6728 - QUIC and HTTP/3
Added http3 Jetty module and distribution test.
Implemented simple logic to send the Alt-Svc header in HTTP/2 responses.
Updated JNA dependency to use jna-jpms.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts a95fe3bfb8 Improvements & bug fixes from testing
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts 3a6a3e094d Use MetaData instead of HttpFields for QPACK
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00