+ Now applying proper RFC 1952 ISIZE check.
+ Bit shifting is done with Longs against Long value.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4247 SameSite Session Cookie
Allows sameSite cookie settings to be configured in SessionCookieConfig comments
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 SameSite Session Cookies
Use non versioned cookie
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 SameSite Session Cookies
Added test and fixed getCommentWithAttributes
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 - Updating unit tests for HttpCookie
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4247 SameSite Session Cookie
While it may be best practise to always use Secure cookies when SameSite is None, there is nothing in the RFC that mandates it and thus I don't believe we should prevent such a configuration. If browsers enforce this, then users will find out soon enough... and if browsers change, then we are not required to do a new release to match.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4247 SameSite Session Cookie
For cookie comments with multiple SameSite attributes, the most strict
value is used. So `Strict` has precedence over `Lax` which has
precedence over `None`.
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4203 - Updating test to verify report on Transfer-Encoding
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Fixes#4203 - Transfer-Encoding + Content-Length is 400 Bad Request
+ Fixing validation to not be header order dependent.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4203 - Fixing hasTransferEncoding reset and testcase assumption
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4204 - Transfer-Encoding RFC7230 behaviors
+ More test cases and implementation.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4204 - Transfer-Encoding RFC7230 behaviors
+ Adjusting HttpParser to handle the case where we have multiple
Transfer-Encoding headers and none declare the 'chunked' token.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4204 - Transfer-Encoding RFC7230 behaviors
+ Making changes from PR review
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
* Issue #4203 Transfer Encoding
request with TE and no chunking is a Bad Request
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4208 Content-Length in 304
Added tests for RFC7230 section 3.3.2 for 304 and HEAD responses with content length.
Fixed HttpGenerator to set content-length in 304 response
Fixed insufficient content written check for 304
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4208 Content-Length in 304
Use contentLengthField
Signed-off-by: Greg Wilkins <gregw@webtide.com>
Added test to reproduce issue
Fixed bug from #2772 where output was shutdown on DONE without checking for END.
Fixed aggregation logic to aggregate last write if aggregation already started
Improved comments and clarify conditions
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Issue #4075 accept url-pattern such /On* as exact match
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* changes after review from Greg
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* Issue #3806 async sendError
Avoid using isHandled as a test withing sendError as this can be
called asynchronously and is in a race with the normal dispatch of the
request, which could also be setting handled status.
The ErrorHandler was dispatching directly to a context from within
sendError. This meant that an async thread can call sendError and be
dispatched to within the servlet container at the same time that the
original thread was still dispatched to the container.
This commit fixes that problem by using an async dispatch for error
pages within the ErrorHandler. However, this introduces a new problem
that a well behaved async app will call complete after calling
sendError. Thus we have ignore complete ISEs for the remainder of
the current async cycle.
Fixed the closing of the output after calling sendError. Do not
close if the request was async (and thus might be dispatched to an
async error) or if it is now async because the error page itself is
async.
* updates from review
* better tests
* revert ignore complete
* added some TODOs
* more TODOs
* fixed rename
* cleanup ISE and more TODOs
* refactored to call sendError for uncaught exceptions rather than onError
* more of the refactor
* extra tests for sendError from completing state
Reworked HttpChannelState and sendError so that sendError is now
just a change of state. All the work is done in the ErrorDispatch
action, including calling the ErrorHandler. Async not yet working.
Additional tests
Converted ERRORED state to a separate boolean so it can be used for
both Sync and Async dispatches.
Removed ASYNC_IO state as it was just the same as DISPATCHED
The async onError listener handling is now most likely broken.
WIP making sendError simpler and more tests pass
WIP handling async and thrown exceptions
WIP passing tests
Improved thread handling
removed bad test
Implemented error dispatch on complete properly
more fixed tests
sendError state looks committed
- Added resetContent method to leave more non-content headers during sendError
- Fixed security tests
- simplified the non dispatch error page writing. Moved towards being able to write async
* fixed gzipHandlerTest
* Updated handling of timeout errors. According to servlet spec,
exceptions thrown from onTimeout should not be passed to onError, but
just logged and ignored:
If an exception is thrown while invoking methods in an AsyncListener,
it is logged and will not affect the invocation of any other AsyncListeners.
* This changes several tests.
* Dispatcher/ContextHandler changes for new ERROR dispatch handling. Feels a bit fragile!
* Fixed tests in jetty-servlets
* Fixed tests in jetty-proxy
* more test fixes
* Fixed head handling
reverted unnecessary changes
Improved reason handling
WIP on fully async error handling.
Simplified HttpChannelState state machines to allow for async actions
during completing
more WIP on fully async error handling.
sendError and completion are not both non-blocking, without using
a startAsync operation. However we are lacking unit tests that actually
exercise those code paths.
* Simplified name of states
Added test for async completion
* Cleanups and javadoc
* Cleanups and javadoc
* remove snake case
* feedback from review
* Write error page into fixed pooled buffer
Use the response to get/release a pooled buffer into which the error
page can be written. Make it a fixed sized buffer and if it overflows
then no error page is generated (first overflow turns off showstacks
to save space).
The ErrorHandler badly needs to be refactored, but we cannot change
API in jetty-9
* More test fixes for different error page format
* minor cleanups
* Cleanup from Review
* Fixed javadoc
* cleanups and simplifications
* Cleanup from Review
* renaming and some TODOs
* Cleanup from Review
* Checkstyle fixes
* Cleanup from Review
* Code cleanups and simplifications
* fixed debug
* Cleanup from Review
* Ensure response sent before server shutdown
* removed unnecessary optimisation
* fixed duplicate from merge
* Updates from review
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* Removing Legacy Method Separators
* Restyling branch `jetty-9.4.x`
* Applying changes highlighted by checkstyle
* Applying XML restyling
* Fixing XML codestyle for IntelliJ
* Fixing XML style mistakes
* Revert "Applying XML restyling"
* Updating checkstyle for XML codestyle
* Reformatting pom.xml files
* Fixed empty string from line wraps
* Update intellij style to not do expression relative formatting. Reformatted code based on that.
* Increasing line split on Eclipse IDE Formatter to 512
* Restoring setting on internal default value.
+ IntelliJ will not export settings on things that set to their
internal default values.
We want to keep those values as a hedge against future default
value changes in future releases of IntelliJ.
* Fixing intellij codestyle
* do not allow single line simple methods
* misc checkstyle fixes
* re-exported with correct name and all values
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Signed-off-by: Greg Wilkins <gregw@webtide.com>
+ StringUtil.replace()
+ StringUtil.replaceFirst()
+ StringUtil.sanitizeFileSystemPath()
Change existing usages of String.replace() to either
use new StringUtil.replace() or other methods elsewhere
that better suit that specific need.
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
- do not parse MultiParts in constructor so the attribute can be set
- deleteParts in MultiPartFormInputStream from _parts MultiMap
- only add the MultiPartCleanerListener once per context
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
+ Deprecated B64Code
+ All code that isn't B64CodeTest is now using java.util.Base64
+ B64CodeTest is updated to confirm change to java.util.Base64
is possible without change in behavior. Just have to make
sure you use the appropriate Encoder / Decoder for the task
at hand (default vs mime vs url)
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Added support for the X-Forwarded-Port header.
Reimplemented header scanning using more efficient Trie and MethodHandles
Signed-off-by: Greg Wilkins <gregw@webtide.com>
* exclude ipv6 test as currently failing on kubernetes, using junit tag and ci profile activated via Jenkinsfile
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
* upgrade surefire to 3.0.0-M3
Signed-off-by: olivier lamy <oliver.lamy@gmail.com>