- Task
- Resolution: Won't Do
- Neutral
- None
- 3.4.4
- None
- Maintenance 68
If there is a non-ASCII character (e.g. an umlaut) in the URI of an imaging request, it returns a 500 error.
HTTP Status 500 – Internal Server Error
Type Exception Report
Message An invalid path [/.imaging/default/dam/sntde/Bilder/logistikbilder/frau-mit-zebra-gerät-warehouse.jpg/jcr:content.jpg] was specified for this cookie
Description The server encountered an unexpected condition that prevented it from fulfilling the request.
Exception
java.lang.IllegalArgumentException: An invalid path [/.imaging/default/dam/sntde/Bilder/logistikbilder/frau-mit-zebra-gerät-warehouse.jpg/jcr:content.jpg] was specified for this cookie
    org.apache.tomcat.util.http.Rfc6265CookieProcessor.validatePath(Rfc6265CookieProcessor.java:227)
    org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:152)
    org.apache.catalina.connector.Response.generateCookieString(Response.java:1019)
    org.apache.catalina.connector.Response.addCookie(Response.java:967)
    org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:386)
    javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
    info.magnolia.cms.security.CsrfTokenSecurityFilter.unloggedRequestCheckPasses(CsrfTokenSecurityFilter.java:174)
    info.magnolia.cms.security.CsrfTokenSecurityFilter.csrfCheckPasses(CsrfTokenSecurityFilter.java:118)
    info.magnolia.cms.security.CsrfTokenSecurityFilter.doFilter(CsrfTokenSecurityFilter.java:109)
    info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    info.magnolia.cms.filters.UnicodeNormalizationFilter.doFilter(UnicodeNormalizationFilter.java:89)
Notes
- In previous versions of Magnolia we used to bypass "dot everything". Now that configuration is more refined to include only some dot requests.
- Possibly created by MAGNOLIA-8115 or one of the linked tickets.
- Seems reasonable that adding a bypass for /.imaging would be enough.
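
Why only the umlaut in this URI is rejected as a cookie path, as an added example (not Magnolia's or Tomcat's code): the check follows the RFC 6265 `path-av` grammar, which allows printable US-ASCII except `;`. The class name, method names and the `toCookieSafePath` helper are assumptions made for illustration, and percent-encoding is shown only to contrast a passing value with the failing one, not as the fix chosen in this ticket.

```java
import java.nio.charset.StandardCharsets;

public class CookiePathCheck {

    // RFC 6265 path-av: any CHAR except CTLs or ";", i.e. 0x20..0x7E without ';'.
    // Returns the index of the first offending character, or -1 if the path is valid.
    static int firstInvalidIndex(String path) {
        for (int i = 0; i < path.length(); i++) {
            char c = path.charAt(i);
            if (c < 0x20 || c > 0x7E || c == ';') {
                return i;
            }
        }
        return -1;
    }

    // Hypothetical helper: percent-encode (UTF-8) only what path-av forbids.
    // Existing '%' escapes are left untouched.
    static String toCookieSafePath(String path) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < path.length(); ) {
            int cp = path.codePointAt(i);
            int len = Character.charCount(cp);
            if (cp >= 0x20 && cp <= 0x7E && cp != ';') {
                out.append((char) cp);
            } else {
                byte[] utf8 = path.substring(i, i + len).getBytes(StandardCharsets.UTF_8);
                for (byte b : utf8) {
                    out.append(String.format("%%%02X", b & 0xFF));
                }
            }
            i += len;
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Path from the error message above; \u00e4 is the umlaut "ä".
        String uri = "/.imaging/default/dam/sntde/Bilder/logistikbilder/"
                + "frau-mit-zebra-ger\u00e4t-warehouse.jpg/jcr:content.jpg";
        int bad = firstInvalidIndex(uri);
        // The ':' in jcr:content is allowed; only the umlaut is outside path-av.
        System.out.println("first invalid char: U+"
                + Integer.toHexString(uri.charAt(bad)).toUpperCase() + " at index " + bad);
        String encoded = toCookieSafePath(uri);
        System.out.println("encoded path: " + encoded);
        System.out.println("encoded path valid: " + (firstInvalidIndex(encoded) == -1));
    }
}
```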
Acceptance criteria
is related to
- MAGNOLIA-8142 Non ASCII characters in URIs interfere with CsrfTokenSecurityFilter (Closed)
- MAGNOLIA-8150 CsrfTokenSecurityFilter could create cookie only for text/html requests (Closed)