-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
2.2.3.Final
-
None
-
-
Undefined
When using the character ^ as part of a query string (or path) the request is rejected with a protocol errors.
This seems to be HttpRequestParser.isTargetCharacterAllowed(char c) that uses the following table:
for(int i = 0; i < 256; ++i) { if(i < 32 || i > 126) { ALLOWED_TARGET_CHARACTER[i] = false; } else { switch ((char)i) { case '\"': case '#': case '<': case '>': case '\\': case '^': case '`': case '{': case '|': case '}': ALLOWED_TARGET_CHARACTER[i] = false; break; default: ALLOWED_TARGET_CHARACTER[i] = true; } } }
The problem is that some older applications uses the ^ character as part of the query string and this works perfectly will with HTTP1.1 in Undertow, but not with HTTP/2 enabled.
I can understand that some of this was implemented to as a quick fix to guard against request smuggling but perhaps the check should not be this strict on the ":path" header ?
