-
Bug
-
Resolution: Fixed
-
Major
-
1.0.1, 1.1.1
-
None
-
-
Empty show more show less
-
Yes
-
Saigon 151
-
2
Summary
With Tomcat 9 (9.0.8 on barebone-1.1) - certain characters in an URI lead to an error; the same characters were accepted on our Tomcat-8 on barebone-1.0.
We should aim to allow the same characters as we did on Tomcat-8.
Error on Tomcat 9.0.8
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
(See gist for the complete stack trace)
This did not happen with the barebone-1.0.
Example
curl -g -G "<protocol>//<host>/<context>/.rest/delivery/pagesWithComponents/v1" --data-urlencode "title[like]=%Company%" -u superuser:superuser
Tomcat 9, the way we have configured it, fails on the chars [ ] but accepts |.
Tomcat 8 accepted both pipe and square brackets.
Further reading
- https://tomcat.apache.org/tomcat-9.0-doc/config/http.html (see section about _ relaxedQueryChars_)
- https://stackoverflow.com/questions/41053653/tomcat-8-is-not-able-to-handle-get-request-with-in-query-parameters
- https://stackoverflow.com/questions/11490326/is-array-syntax-using-square-brackets-in-url-query-strings-valid
Possible solution
Set relaxedQueryChars property on Connector.
Example:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" relaxedQueryChars="[]|{}^\`"<>" redirectPort="8443" />
See
- is related to
-
MGNLREST-305 Brackets In Filtered Rest Calls Do Not Work
- Closed
- relates to
-
DOCU-2176 Document Tomcat relaxedQueryChars in more places
- Closed
- links to