Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.2.9.Final, 2.0.39.Final
Affects Version/s: None
Component/s: Core
Labels:
None

Steps to Reproduce:

Hide

https://some.server.name/?query=^ when HTTP/2 is enabled.

Show
https://some.server.name/?query= ^ when HTTP/2 is enabled.
Release Note Text:
Undefined
Git Pull Request:
https://github.com/undertow-io/undertow/pull/1107, https://github.com/undertow-io/undertow/pull/1108, https://github.com/undertow-io/undertow/pull/1109

Description

UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL is read in HttpRequestParser.java here: https://github.com/undertow-io/undertow/blob/2abb6a2822c6a97904bba4d4b7a601b8e95c4122/core/src/main/java/io/undertow/server/protocol/http/HttpRequestParser.java#L215

and it is used when checking characters here: https://github.com/undertow-io/undertow/blob/2abb6a2822c6a97904bba4d4b7a601b8e95c4122/core/src/main/java/io/undertow/server/protocol/http/HttpRequestParser.java#L392

This works fine for HTTP 1.x but for HTTP/2 the same functionality is missing.

In Http2ReceiveListener here: https://github.com/undertow-io/undertow/blob/2abb6a2822c6a97904bba4d4b7a601b8e95c4122/core/src/main/java/io/undertow/server/protocol/http2/Http2ReceiveListener.java#L323 it always checks for valid characters but does not take UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL into account.

It should not check for the valid characters if UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL enabling the same functionality in HTTP/2 as is in place with HTTP/1.x today.

This replaces of ~~UNDERTOW-1878~~ which did not have an accurate description of the actual problem.

Attachments

Activity

People

Assignee:: Bartosz Baranowski

Reporter:: Kim Rasmussen (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021/04/15 2:44 PM

Updated:: 2021/10/24 5:58 AM

Resolved:: 2021/07/20 6:37 AM