[MAGNOLIA-8220] Assets with space on its filename makes CSRFTokenSecurityFilter to log an error Created: 13/Oct/21  Updated: 10/Nov/21  Resolved: 10/Nov/21

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Carlos Cantalapiedra Assignee: Unassigned
Resolution: Outdated Votes: 1
Labels: csrf
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Problem/Incident
Relates
duplicate
duplicates MAGNOLIA-8162 Image URI with spaces cause CsrfToken... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Steps to reproduce

  1. Upload an asset with a white space on its filename
  2. Create a component which retrieves the asset using damfn.getAsset
  3. Use the component on a page and check that, tho the image is displayed, the error

    ERROR info.magnolia.cms.security.CsrfTokenSecurityFilter: An error occurred while trying to ASCII encode the request servlet path /dam/jcr:ae3c0301-d6c3-467d-84ac-28f7ac3be810/images space.jpeg
    java.net.URISyntaxException: Illegal character in path at index 52: /dam/jcr:ae3c0301-d6c3-467d-84ac-28f7ac3be810/images space.jpeg

is displayed on the log.

Expected results

No error is thrown

Actual results

Image is displayed but error is printed

Workaround

Customize CsrfTokenSecurityFilter class to suppress white spaces on generateCookie method

Development notes

It happens only for Magnolia 6.2.12 when the generateCookie method was introduced.



 Comments   
Comment by Christopher Chard [ 27/Oct/21 ]

Hey there,
this is pretty much flooding our logs right now. As every log entry costs a few microcents in Azure this isn't so nice because it really adds up over time with many many assets.

While waiting for a fix: Is there any workaround?

Cheers

Chris

Generated at Mon Feb 12 04:30:43 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.