Commit Graph

1371 Commits

Author SHA1 Message Date
Joakim Erdfelt cb127793e5
Happy New Year 2022 (#7459)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-01-27 10:42:30 -06:00
mszabo-wikia fd2407c72f
Clarify that requestHeaderSize is a cumulative limit (#7417)
* Clarify that requestHeaderSize is a cumulative limit

HttpConfiguration documents the requestHeaderSize configuration option
as being a limit on the size of a single request header, but it is in
fact a limit on the cumulative size of all request headers as well as
the request URI. This patch updates the documentation accordingly, and
adds test cases for the HTTP/1.x and HTTP/2 parsers to verify the
behavior.

NB.: the HTTP/3 parser and configuration seem to correctly document this
option as being a global limit on header size.

* Improve requestHeaderSize tests and documentation per review

Signed-off-by: Máté Szabó <mszabo@wikia-inc.com>
2022-01-19 11:56:27 -06:00
Simone Bordet 3042f2b2bf
Fixes #7348 - Slow CONNECT request causes NPE (#7349) (#7352)
* Fixes #7348 - Slow CONNECT request causes NPE (#7349)

Added NPE guard in `HttpReceiverOverHTTP.onUpgradeFrom()`.
Expanded logic in `HttpReceiverOverHTTP.parse()` to return true in case of CONNECT + 200.

Fixed `ProxyConnection.toConnectionString()` to avoid NPEs.

Fixed `HttpClientTest.testCONNECTWithHTTP10()` logic
after changes to fix this issue.

Now a tunneled connection is not put back into the connection pool,
and if applications explicitly want to use it, they must re-enable
fill interest, similarly to what should be done after upgrade+101.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 5eb7b70df7)
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-01-06 11:08:12 +01:00
Simone Bordet 578ae30311 Issue #6728 - QUIC and HTTP/3
Added http3 Jetty module and distribution test.
Implemented simple logic to send the Alt-Svc header in HTTP/2 responses.
Updated JNA dependency to use jna-jpms.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts a95fe3bfb8 Improvements & bug fixes from testing
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts 3a6a3e094d Use MetaData instead of HttpFields for QPACK
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts da50072cc8 The QpackEncoder should be able to use PreEncodedHttpFields.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts bdf44b8e22 Work through examples B.1. and B.2. from spec and fix bugs.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts 7abb1e62f2 Issue #7160- Add AMBIGUOUS_PATH_ENCODING to default UriCompliance mode.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-11-30 16:51:58 +11:00
Lachlan Roberts 866f4517db Improve #4275 ambiguous URIs (#6939)
* Improve #4275 ambiguous URIs

A URI like `/foo/%2e%2e;/bar` should be ambiguous both because of the encoded dots and because of the parameters.  This means that the default setting of jetty-9 is a bit more secure as this path is considered ambiguous if either Violation.SEGMENT or Violation.PARAM is set.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-10-12 18:22:12 +11:00
Simone Bordet 0412bdc3d9 Fixes #6938 - module-info.java file do not use the canonical order for the elements
Changed order of entries in module-info.java to be canonical

(cherry picked from commit 02691171d5)
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-10-01 09:25:55 +02:00
Lachlan 0a78b9845d
Merge pull request #6657 from eclipse/jetty-10.0.x-6642-WebSocketConnectionHeaders
Issue #6642 - WebSocket handling of Connection: upgrade,close.
2021-08-31 14:25:47 +10:00
Lachlan Roberts 949aa6c342 Issue #6642 - move shutdown logic into HttpChannelOverHTTP and HttpConnection
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-27 11:53:54 +10:00
Lachlan Roberts fa316fc20d Issue #6642 - never shutdown output after generating a request.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-26 13:09:36 +10:00
Lachlan Roberts cb9a8d4060 Issue #6642 - change HttpGenerator state to END before returning
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-25 11:27:56 +10:00
Lachlan Roberts f7d9d8fcf8 Issue #6642 - prevent connection close after websocket upgrade
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-08-24 19:39:34 +10:00
Joakim Erdfelt 5dcc14b114
Merge pull request #6551 from eclipse/jetty-10.0.x-6545-refresh-mimetypes
Issue #6545 - Add more mime-types
2021-07-28 05:47:36 -05:00
Ludovic Orban bd11d6f682 #6491 add defensive check and introduce HttpParser.isTerminated()
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
2021-07-28 10:14:19 +02:00
Joakim Erdfelt 8971ea991f
Issue #6545 - Add more mime-types
+ Adding webp + avif + apng based on current
  `Accept` header offerings from current browsers.

Firefox 90.0
`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8`

Chrome 92.0.4515.107
`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9`

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-07-27 11:48:39 -05:00
Greg Wilkins 8945a58ffc
Reduce header cache memory usage on non persistent requests (#6494)
Delay creating a header cache until a second request on a parser.
Refactored cache code into subclass

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2021-07-07 12:51:06 +10:00
Lachlan 259f9af9c9
Merge pull request #6490 from eclipse/jetty-10.0.x-6489-UriCompliance
Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
2021-07-06 15:58:51 +10:00
Lachlan Roberts 76ab749aca Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-07-01 17:52:07 +10:00
Lachlan Roberts b82b46243d Issue #6489 - fix RFC3986_UNAMBIGUOUS and UNSAFE UriCompliance modes.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-07-01 17:27:17 +10:00
Lachlan 3c32afa05c
Issue #6473 - canonicalPath refactor & fix alias check in PathResource (Jetty-10) (#6478)
Issue #6473 - canonicalPath refactor & fix alias check in PathResource

* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
  and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
  navigation above of the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments
* Compliance mode HttpURI uses UriCompliance.Violation

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
2021-06-29 15:42:39 +02:00
Lachlan bc0fbbb5c1
Revert logic in Request.setMetaData, clear emptySegment on HttpUri.clear() (#6468)
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Manually merged as ECA checks are broken
2021-06-24 17:18:49 +10:00
Greg Wilkins 4673846635
Compliance modes documentation (#6312)
Added doco on compliance modes

Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2021-06-24 15:20:05 +10:00
Lachlan d233f3be02
Issue #6447 - Deprecate support for UTF16 encoding in URIs (#6457)
Deprecate support for UTF16 encoding in URIs.
Add compliance mode to allow UTF16 encodings.
Improve testing.
2021-06-23 22:58:49 +10:00
Lachlan b4d7e5117d
Issue #6302 - Treat empty path segments as ambiguous. (#6304)
Issue #6302 - Treat empty path segments are ambiguous.

* Fix false empty segments being reported.
* Add HttpUriTests for the empty segment as ambiguous

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
2021-06-10 15:12:59 +02:00
Lachlan f58dbedcd0
Fixes #6263 - Review URI encoding in ConcatServlet & WelcomeFilter.
Review URI encoding in ConcatServlet & WelcomeFilter and improve testing.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2021-05-12 17:14:43 +02:00
Lachlan 4c98990cd9
Create FileBufferedResponseHandler to buffer responses into a file. (#6010)
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-04-19 11:02:44 +10:00
Greg Wilkins b56edf511a
UriCompliance mode improvements #6132 (#6137)
Resolve #6132

Improve configuration of ambiguous URI handling.
Added NON_CANONICAL_AMBIGUOUS_PATHS
2021-04-08 12:03:30 +10:00
Guilherme Amaral e3c87fc2af
Changed exception check by JUnit API usage (#6133) 2021-04-06 08:51:50 +10:00
Greg Wilkins 06e1a7e88d
URI compliance modes for #6001 (#6006)
* Fix #4275 separate compliance modes for ambiguous URI segments and separators

default modes allows both ambiguous separators and segments, but still forbids ambiguous parameters

Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-03-02 11:59:16 +01:00
gregw c4dbf9748e Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x
Signed-off-by: gregw <gregw@webtide.com>
2021-02-24 11:58:55 +01:00
Greg Wilkins 49e73dfb75
Fix #4275 #6001 separate compliance modes for ambiguous URI segments and se… (#6003)
Fix #4275 separate compliance modes for ambiguous URI segments and separators
2021-02-24 10:05:05 +01:00
Joakim Erdfelt fa6c617069
Fixing checkstyle warning
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2021-02-23 16:28:09 -06:00
gregw bc3e1dc94e Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x
Signed-off-by: gregw <gregw@webtide.com>
2021-02-23 20:06:30 +01:00
Greg Wilkins 8bd4a9fad8
Fix #5999 ArrayIndexOutOfBounds for unicode in HttpURI segment (#6000)
Fixed ArrayTrie to not throw if passed a unicode character.
2021-02-23 20:03:45 +01:00
gregw bb5fefdaeb Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x
Signed-off-by: gregw <gregw@webtide.com>
2021-02-18 17:44:46 +01:00
Greg Wilkins 324ab668de
More optional etag gzip fixes for #5979 (#5986)
* More optional etag gzip fixes for #5979

IF no separator defined, do not add a suffix to an etag.
Some cleanup of the implementation.

* More optional etag gzip fixes for #5979

updates from review
2021-02-18 17:24:16 +01:00
gregw 1113b15110 Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x 2021-02-18 14:18:31 +01:00
Joakim Erdfelt 10e531756b
Merge pull request from GHSA-m394-8rww-3jr7
Use comparator based sort
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>

Co-authored-by: gregw <gregw@webtide.com>
2021-02-18 14:14:38 +01:00
olivier lamy 1d5662f841 Merge branch 'jetty-9.4.x' into jetty-10.0.x 2021-02-18 07:44:37 +10:00
Greg Wilkins a8b4927427
Fix #5979 by allowing a configurable etag separator. (#5980)
* Fix #5979 by allowing a configurable etag separator.

Fix #5979 by allowing a configurable etag separator

* updates from review

* Updates from review

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2021-02-17 22:19:23 +01:00
gregw 97ee0fd527 fixed bad merge 2021-02-17 18:49:37 +01:00
gregw 349b89d7e4 Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x
Signed-off-by: gregw <gregw@webtide.com>
2021-02-17 18:11:02 +01:00
gregw ea3f3a5b93 Update merge to 10 comment 2021-02-17 18:09:37 +01:00
Greg Wilkins ad6fc62bb5
Cleanup setPathQuery from #5954 (#5981)
Cleanup setPathQuery from #5954 so that it does not retain an old query if the passed string does not contain a query
2021-02-17 18:05:12 +01:00
gregw 1e364eccf8 Re re Fix rewrite tests for #5954
Re re Fix rewrite tests for #5954. Restore setPathQuery behaviour to preserve queries if none are set.
2021-02-17 12:41:55 +01:00
gregw dd5a565c08 Re re Fix rewrite tests for #5954
Re re Fix rewrite tests for #5954. Restore setPathQuery behaviour to preserve queries if none are set.
2021-02-17 12:12:56 +01:00