[MGNLTOMCAT-6] Tomcat 9 less tolerant on special characters (compared to Tomcat 8) Created: 20/Jul/18 Updated: 05/May/21 Resolved: 13/Aug/18 |
|
| Status: | Closed |
| Project: | Barebones Tomcat Bundle |
| Component/s: | None |
| Affects Version/s: | 1.0.1, 1.1.1 |
| Fix Version/s: | 1.0.3, 1.1.2 |
| Type: | Bug | Priority: | Major |
| Reporter: | Christoph Meier | Assignee: | Hieu Nguyen Duc |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | 0d | ||
| Time Spent: | 2.25d | ||
| Original Estimate: | 1.5d | ||
| Release notes required: | Yes |
| Sprint: | Saigon 151 |
| Story Points: | 2 |
| Description |
|
Summary

Error on Tomcat 9.0.8
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 (See gist for the complete stack trace)

Example

curl -g -G "<protocol>//<host>/<context>/.rest/delivery/pagesWithComponents/v1" --data-urlencode "title[like]=%Company%" -u superuser:superuser

Tomcat 9, the way we have configured it, fails on the chars [ ] but accepts |.

Further reading

Possible solution

Set relaxedQueryChars property on Connector.

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;" redirectPort="8443" />

See
|
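The curl call in the description trips the check because `--data-urlencode` encodes only the part after `=`, so the brackets in the parameter name go out raw. The sketch below is an added example, not code from the ticket or from Tomcat: it models the RFC 3986 query grammar (stricter than the configuration described above, which accepted `|`), and the function names and the `relaxed` parameter are hypothetical.

```python
import string
from urllib.parse import quote

# RFC 3986: query = *( pchar / "/" / "?" )
#           pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
QUERY_LITERALS = set(string.ascii_letters + string.digits + "-._~" "!$&'()*+,;=" ":@/?")
HEX = set(string.hexdigits)
# Character set proposed for relaxedQueryChars in the description above.
PAGE_RELAXED = '[]|{}^\\`"<>'


def rejected_query_chars(query, relaxed=""):
    """Return (offset, char) for each raw character a strict RFC 3986
    parser would refuse. `relaxed` lists extra characters to tolerate,
    which is the idea behind the connector's relaxedQueryChars."""
    allowed = QUERY_LITERALS | set(relaxed)
    bad, i = [], 0
    while i < len(query):
        ch = query[i]
        if ch == "%" and i + 3 <= len(query) and set(query[i + 1:i + 3]) <= HEX:
            i += 3  # well-formed %HH escape
            continue
        if ch == "%" or ch not in allowed:
            bad.append((i, ch))
        i += 1
    return bad


def encode_pair(name, value):
    """Percent-encode the parameter name as well as the value."""
    return quote(name, safe="") + "=" + quote(value, safe="")


# What the curl call puts on the wire: value encoded, name left as typed.
AS_SENT = "title[like]=" + quote("%Company%", safe="")
# Same parameter with the name encoded by the client as well.
FULLY_ENCODED = encode_pair("title[like]", "%Company%")

if __name__ == "__main__":
    for label, q, relaxed in [
        ("as sent, strict connector", AS_SENT, ""),
        ("as sent, relaxed connector", AS_SENT, PAGE_RELAXED),
        ("name encoded, strict connector", FULLY_ENCODED, ""),
    ]:
        print(f"{label:32} {q:32} rejected={rejected_query_chars(q, relaxed)}")
```

Encoding the name on the client keeps the connector strict, whereas relaxedQueryChars widens what every request to that connector may carry.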
| Comments |
| Comment by Mikaël Geljić [ 20/Jul/18 ] |
|
since
|
| Comment by Hieu Nguyen Duc [ 08/Aug/18 ] |
|
Square brackets and pipe will be supported in Magnolia 6, 5.7.2, 5.6.9, 5.5.13. |
| Comment by Ngoc Nguyenthanh [ 15/Aug/18 ] |
|
Tested on normal cases. Not enough knowledge on advanced security tests. We should consider keeping the Tomcat version of the REST integration tests in sync with Tomcat bare-bone. If it's in sync, we will know the issue sooner. I'll close the ticket because the issue has been fixed. |