Issue #6473 - canonicalPath refactor & fix alias check in PathResource
* Reverted %-escape handling for URI query parts.
* Performing canonicalization in ServletContext.getResource(),
and improving alias checking in ContextHandler.getResource().
* Performing canonicalization checks in Resource.addPath() to avoid
navigation above of the root.
* Test added and fixed.
* Various cleanups.
* Improved javadoc and comments
* Compliance mode HttpURI uses UriCompliance.Violation
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
FileBufferedResponseHandler adds an HttpOutput.Interceptor to buffer all responses into a file until the output is closed. This allows the commit to be delayed until the response is complete and thus headers and response status can be changed while writing the body.
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
* Fix#4275 separate compliance modes for ambiguous URI segments and separators
default modes allows both ambiguous separators and segments, but still forbids ambiguous parameters
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* More optional etag gzip fixes for #5979
IF no separator defined, do not add a suffix to an etag.
Some cleanup of the implementation.
* More optional etag gzip fixes for #5979
updates from review
* Fix#5979 by allowing a configurable etag separator.
Fix#5979 by allowing a configurable etag separator
* updates from review
* Updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Handle URIs by first resolving relative paths and then decoding.
Added compliance mode to return 400 if there are ambiguous path segments.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #5605 unconsumed input on sendError
Add Connection:close if content can't be consumed during a sendError. Processed after the request has returned to the container.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Update from review
+ Add close on all uncommitted requests when content cannot be consumed.
* Update from review
+ fixed comment
+ space comma
* Only consume input in COMPLETE if response is >=200 (ie not an upgrade or similar)
* Updated to be less adventurous
I do not think it was valid to always consumeAll in COMPLETE as this could break upgrades with both 101s and 200s
Instead I have reverted to having this consumeAll logic only:
+ in sendError once control has passed back to the container and we are about to generate an error page.
+ in front of all the sendRedirection that we do without calling the application first.
Extra tests also added
* Updated to be less adventurous
reverted test
* Testcase for odd sendError(400) issue.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Fix for odd sendError(400) issue.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
* Testcase for odd sendError(400) issue.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Always try to consumeAll on all requests
* Refinements after testing in 10
* Refinements after testing in 10
Fixed test
* Fixed comment from review
* Updates from review
+ added redirect methods that consumeAll
+ ensureContentConsumedOrConnectionClose renamed to ensureConsumeAllOrNotPersistent
+ ensureConsumeAllOrNotPersistent now handles HTTP/1.0 and HTTP/1.1 differently
* better consumeAll implementation
* update from review
+ better javadoc
+ filter out keep-alive
+ added more tests
* update from review
+ better javadoc
* update from review
+ fixed form redirection test for http 1.0 and 1.1
* update from review
+ HttpGenerator removes keep-alive if close present
+ Use isRedirection
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Simone Bordet <simone.bordet@gmail.com>
* Fix#5562 Improve HTTP Field cache allocation
Fix#5562 by initially putting cacheable fields into a inexpensive arraylist.
Only create the Trie (with space and complexity costs) if a second request is received.
* Fixed NPE
* Feedback from review
Create `HttpHeader.isPseudo()`` method
improved clarity with `createFieldCacheIfNeeded()``
* Feedback from review
Only defer Trie creation to first cacheable field, not until next request.
* Updates from review
* Update from review
+ more javadoc
+ empty set return
+ Added all IANA methods
+ Used Trie for most lookups
+ Fixed ArrayTernayTrie lookup
+ optimised GET, POST and HEAD
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Lachlan
Joakim Erdfelt
Ludovic Orban
Greg Wilkins
olivier lamy