1
0
mirror of https://github.com/jetty/jetty.project.git synced 2025-02-15 02:54:49 +00:00

2134 Commits

Author SHA1 Message Date
Joakim Erdfelt
ca3c1756ad
Updating to version 10.0.16-SNAPSHOT 2023-04-11 13:23:25 -05:00
Joakim Erdfelt
68017dbd00
Updating to version 10.0.15 2023-04-11 12:24:32 -05:00
Joakim Erdfelt
17aa0c5ab9
Fixing - bad url-pattern prefix match behavior ()
* Fixing  - bad url-pattern prefix match behavior

Fixed regression where `/foo/*` was incorrectly matching `/foobar`.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: gregw <gregw@webtide.com>
2023-03-20 17:53:40 +01:00
Greg Wilkins
659f16d1c0
Fix Space in Cookie name ()
Added a violation to allow unquoted spaces in cookie values

Signed-off-by: gregw <gregw@webtide.com>
2023-03-08 21:07:14 +01:00
Olivier Lamy
e62cc0344a Updating to version 10.0.15-SNAPSHOT 2023-03-01 18:55:10 +10:00
Greg Wilkins
4d146412c8
Fix Cookie Compliance ()
Fix incorrect change to RFC6265 to not support dollars in cookie names.

Signed-off-by: gregw <gregw@webtide.com>
2023-02-21 21:31:43 +11:00
gregw
7a7d69a69f Happy no year
Remove modification date from copyright notice and instead just have the
project inception year.

Signed-off-by: gregw <gregw@webtide.com>
2023-02-15 15:22:32 +11:00
gregw
53fa2489b2 fixed commented out test in CookieCutterTest
Signed-off-by: gregw <gregw@webtide.com>
2023-02-15 08:55:23 +11:00
Simone Bordet
7b8c2c1bf0
Fix/jetty 10 9334 review cookie cutter ()
Cookie cleanup
+ New Cookie parser with clearer focus on RFC6265.
+ Better compliance modes for RFC2965
+ Introduced CookieParser interface so that old and new parsers can coexist and be selected by compliance mode.

---------

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2023-02-15 08:38:24 +11:00
Greg Wilkins
3a7865546c
Updated javascript mimetypes ()
+ Updated js to text/javascript
 + added mjs extension

Signed-off-by: gregw <gregw@webtide.com>
2023-02-14 18:07:48 +11:00
Greg Wilkins
5f25f5b389
Fix/jetty 10.0.x/uri host mismatch alt ()
* Introduce HttpCompliance.MISMATCHED_AUTHORITY

* Update HttpCompliance.RFC2616

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Update NcsaRequestLogTest.testAbsolute

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Use RFC2616 mode in RFC2616 tests

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

* Alternative fix for mismatched host headers

This PR fixes the miss-matched host header issue in the Request.setMetaData method. This requires no change to the HttpParser.
A more comprehensive fix can be considered for jetty-12.

Signed-off-by: gregw <gregw@webtide.com>

* Alternative fix for mismatched host headers

Updates from review

Signed-off-by: gregw <gregw@webtide.com>

---------

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: gregw <gregw@webtide.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2023-02-14 07:43:19 +11:00
Joakim Erdfelt
016de2faeb
Jetty 10 - Configurable Unsafe Host Header ()
* Adding HttpCompliance.DUPLICATE_HOST_HEADERS
  + Optional compliance that allowance duplicate host headers.
* Adding HttpCompliance.UNSAFE_HOST_HEADER
  + Optional compliance that allows unsafe host headers.
* Adding warning logging for bad Host / authority situations

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2023-02-03 08:30:07 -06:00
dependabot[bot]
ca19b143a9
Bump maven.surefire.plugin.version from 3.0.0-M5 to 3.0.0-M8 () 2023-02-02 04:15:39 +00:00
Greg Wilkins
4916377686
PathMappings optimizations ()
* Avoid iterations if only ServletPathSpec instances
* Avoid tests for empty mappings.
* Better reset implementation
* More test coverage
2022-12-20 11:08:40 +11:00
Joakim Erdfelt
54c4c03244
Updating to version 10.0.14-SNAPSHOT 2022-12-07 14:33:17 -06:00
Joakim Erdfelt
1c2636ea05
Updating to version 10.0.13 2022-12-07 14:12:50 -06:00
Joakim Erdfelt
793bee9e14
Issue - Handle bad host/authority headers better ()
* Issue  - Handle bad host/authority headers better
* Remove extra `Host` header in testcase that doesn't deal with bad Host headers
* Create URIUtil.isRegName
* Correcting HostPortTest.testValidAuthority
* Correcting RequestTest.testInvalidHostHeader
* Remove clonable, set to final

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-11-08 18:08:20 -06:00
Joakim Erdfelt
3faa2fcd16
Issue - pseudo restore PathMappings.getMatch(String)
+ This returns a MappedResource, but not
  the stored instance, but a new instance
  of MappedResource every time.

+ Flagged deprecated APIs for removal
  as well

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-09-28 11:25:16 -05:00
Olivier Lamy
dbd07146ec
merge back release branch to bump version to 10.0.13-SNAPSHOT ()
* Updating to version 10.0.12

* Updating to version 10.0.13-SNAPSHOT

* VERSION.TXT =+ content of jetty-9.4.49.v20220914 release

* remove strange line and reorder
2022-09-16 19:50:12 +10:00
Simone Bordet
77ad0189ba
Fixes - Review System.nanoTime() usages. ()
* Fixes  - Review System.nanoTime() usages.

Introduced o.e.j.util.NanoTime class to deal with nanoTimes.

Now NanoTime.now() should be used instead of System.nanoTime(),
and various <unit>[elapsed|since|until]() methods to calculate nanoTimes.

Furthermore, comparing 2 nanoTimes should be done via isBefore(),
rather than using the < operator, which is wrong as specified in
the System.nanoTime() javadocs.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-09-06 09:30:02 +02:00
Joakim Erdfelt
64d12e2a5a
Merge Release 10.0.11 back into jetty-10.0.x branch ()
* Updating to version 10.0.11

* Updating to version 10.0.12-SNAPSHOT
2022-06-22 16:24:48 -05:00
Joakim Erdfelt
5fddbf9bb1
Issue - Correcting match logic for multiple servlet suffix url-pattern ()
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-21 15:24:39 -05:00
Joakim Erdfelt
c2bc103cb9
Merge Release 10.0.10 back into jetty-10.0.x ()
* Updating to version 10.0.11-SNAPSHOT
2022-06-21 14:41:41 +02:00
Joakim Erdfelt
1b4f941942
RegexPathSpec documentation and MatchedPath improvements ()
* More documentation

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-16 13:53:04 -05:00
Joakim Erdfelt
d63569d025
Migrate code from jetty-util Logger to slf4j Logger ()
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-15 20:01:48 +02:00
Joakim Erdfelt
8de55150fe
Cherry-pick of Improvements to PathSpec for Jetty 10.0.x ()
* Cherry-pick of Improvements to PathSpec.
* From commit: 5b4d1dd1c64482d00919029e0a2ba4ac1f4d8e6b
* Fixing ConstraintSecurityHandler usage of PathMappings
* Fixing bad INCLUDE logic from cherry-pick in ServletHandler.doScope()
* Cleanup of non ServletPathSpec behaviors in ServletPathMapping class
* Skip optional group name/info lookup if regex fails.
* Prevent NPE on static servletPathMappings
* Update WebSocketMappings to use new PathMappings.getMatched(String)

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-06-08 12:36:30 -05:00
Greg Wilkins
7a1c165677
Implement 103 Early Hint ()
Co-authored-by: Ludovic Orban <lorban@bitronix.be>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
2022-06-01 11:56:54 +10:00
Simone Bordet
d1e64f4693
Fixes - Review HttpRequest URI construction. ()
Fixes  - Review HttpRequest URI construction.

Now always adding a "/" before the path, if not already present.
Disabled flakey HTTP/3 test.
Parse CONNECT URIs as Authority

Co-authored-by: Greg Wilkins <gregw@webtide.com>
2022-05-26 18:13:17 +10:00
Greg Wilkins
e12d5d58b6
Jetty 10 7918 root pathspec ()
Fix  Root path spec
Handle root pathspec in PathMappings.asPathSpec
Introduce protected asPathSpec to allow for extensibility

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-04-26 19:04:17 +02:00
Greg Wilkins
5fc63bf8e8
Issue - Merge PathSpec improvements made in 9.4.x ()
* Fixes to backport of 

+ Backport of 
+ Fix RegexPathSpec pathInfo
+ Fix UriTemplatePathSpec pathInfo
+ Test regression option to 93 behaviour

* small optimization

Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-04-06 11:14:52 +02:00
Joakim Erdfelt
16420f0181
Set version to 10.0.10-SNAPSHOT ()
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-04-03 20:33:44 +10:00
Joakim Erdfelt
f079949a35
Merge Release 10.0.9 ()
* Updating to version 10.0.9

* Updating to version 10.0.10
2022-04-02 08:43:44 -05:00
Jaroslaw Rzeszotko
a35719367b
Issue - Use direct buffers for gzip input/output, if configured.
Use direct buffers for gzip input/output, if configured.
Code cleanups.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-03-24 17:59:49 +01:00
Simone Bordet
a4fda96f49
Updating to version 10.0.9-SNAPSHOT 2022-02-07 12:02:02 +01:00
Simone Bordet
716c7afd8e
Updating to version 10.0.8 2022-02-07 11:34:12 +01:00
Joakim Erdfelt
cb127793e5
Happy New Year 2022 ()
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
2022-01-27 10:42:30 -06:00
mszabo-wikia
fd2407c72f
Clarify that requestHeaderSize is a cumulative limit ()
* Clarify that requestHeaderSize is a cumulative limit

HttpConfiguration documents the requestHeaderSize configuration option
as being a limit on the size of a single request header, but it is in
fact a limit on the cumulative size of all request headers as well as
the request URI. This patch updates the documentation accordingly, and
adds test cases for the HTTP/1.x and HTTP/2 parsers to verify the
behavior.

NB.: the HTTP/3 parser and configuration seem to correctly document this
option as being a global limit on header size.

* Improve requestHeaderSize tests and documentation per review

Signed-off-by: Máté Szabó <mszabo@wikia-inc.com>
2022-01-19 11:56:27 -06:00
Simone Bordet
3042f2b2bf
Fixes - Slow CONNECT request causes NPE () ()
* Fixes  - Slow CONNECT request causes NPE ()

Added NPE guard in `HttpReceiverOverHTTP.onUpgradeFrom()`.
Expanded logic in `HttpReceiverOverHTTP.parse()` to return true in case of CONNECT + 200.

Fixed `ProxyConnection.toConnectionString()` to avoid NPEs.

Fixed `HttpClientTest.testCONNECTWithHTTP10()` logic
after changes to fix this issue.

Now a tunneled connection is not put back into the connection pool,
and if applications explicitly want to use it, they must re-enable
fill interest, similarly to what should be done after upgrade+101.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
(cherry picked from commit 5eb7b70df7d1e25ffb4ce267126c122f94c181fd)
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2022-01-06 11:08:12 +01:00
Simone Bordet
578ae30311 Issue - QUIC and HTTP/3
Added http3 Jetty module and distribution test.
Implemented simple logic to send the Alt-Svc header in HTTP/2 responses.
Updated JNA dependency to use jna-jpms.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts
a95fe3bfb8 Improvements & bug fixes from testing
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts
3a6a3e094d Use MetaData instead of HttpFields for QPACK
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts
da50072cc8 The QpackEncoder should be able to use PreEncodedHttpFields.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts
bdf44b8e22 Work through examples B.1. and B.2. from spec and fix bugs.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-12-20 09:33:38 +01:00
Lachlan Roberts
7abb1e62f2 Issue #7160- Add AMBIGUOUS_PATH_ENCODING to default UriCompliance mode.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-11-30 16:51:58 +11:00
Lachlan
ec221865b6
Merge pull request from eclipse/jetty-10.0.x-4275-ambiguousparam
Improve  ambiguous URIs ()
2021-10-21 17:48:33 +11:00
Lachlan Roberts
866f4517db Improve ambiguous URIs ()
* Improve  ambiguous URIs

A URI like `/foo/%2e%2e;/bar` should be ambiguous both because of the encoded dots and because of the parameters.  This means that the default setting of jetty-9 is a bit more secure as this path is considered ambiguous if either Violation.SEGMENT or Violation.PARAM is set.

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
2021-10-12 18:22:12 +11:00
Joakim Erdfelt
cfc67f86d2 Updating to version 10.0.8-SNAPSHOT 2021-10-06 14:51:32 -05:00
Joakim Erdfelt
da8a4553af Updating to version 10.0.7 2021-10-06 14:32:37 -05:00
Simone Bordet
0412bdc3d9 Fixes - module-info.java file do not use the canonical order for the elements
Changed order of entries in module-info.java to be canonical

(cherry picked from commit 02691171d500175ac47fedf00a712eeb62dff67c)
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
2021-10-01 09:25:55 +02:00
Olivier Lamy
51d44a3401
use dependencyManagement for internal dependencies ()
Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>
2021-09-30 16:57:19 +10:00