[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [servlet-dev] CONNECT and getRequestURI ?
|
On 14/02/2023 23:51, Greg Wilkins wrote:
All,
I'm not advocating that we support CONNECT. Just asking what should the
standard behavior be if we do get a CONNECT request.
Ack.
Note that the spec saying that CONNECT is not supported is not very
strong. It is in the context of the API of the Servlet and not so much a
requirement of the server.
Fair enough.
I'd be happy with a requirement that a CONNECT request be handled with a
405 response.... and then the return from getRequestURI does not matter.
Any objections to a PR to that effect?
Mark
cheers
On Tue, 14 Feb 2023 at 22:12, Masao Sato <masato@xxxxxxxxxx
<mailto:masato@xxxxxxxxxx>> wrote:
>I'll note that the Spec document explicitly states that the CONNECT
>method is not supported.
Because of that the CONNECT request could not be treated as a normal
http request,
HttpServlet and HttpServletRequest are not filt to handle it.
The spec has a Servlet and ServletReqeust ( not HttpServletRequest )
interfaces
for generic protocols, all extended methods from ServletRequest except
getMethod()
should throw some exception. and the application should forward to a
servlet which
inherited Servlet ( not HttpServlet ) by calling
ServletRequest#getRequestDispatcher().
Regards,
Masao Sato
2023年2月14日(火) 18:32 Mark Thomas <markt@xxxxxxxxxx
<mailto:markt@xxxxxxxxxx>>:
>
> On 14/02/2023 00:15, Stuart Douglas wrote:
> > If you don't like null because of the potential for NPEs I
think you
> > could also make a similar argument for the empty string. If
developers
> > are not thinking about connect requests they could assume that
it will
> > always be at least length 1 and you could end up with different
exceptions.
> >
> > Stuart
> >
> > On Tue, 14 Feb 2023 at 11:07, Greg Wilkins <gregw@xxxxxxxxxxx
<mailto:gregw@xxxxxxxxxxx>
> > <mailto:gregw@xxxxxxxxxxx <mailto:gregw@xxxxxxxxxxx>>> wrote:
> >
> >
> > So options are now null, "" and "/". Older jetty was "", newer
> > jetty is null and undertow is "/".
> > Where does tomcat land in this? I'm very happy to change
jetty to
> > anything, I just want it to be standard.
> > I think null is probably my least favourite and I'm on
fence with ""
> > vs "/".
>
> Tomcat currently returns a 400 response.
>
> I'll note that the Spec document explicitly states that the CONNECT
> method is not supported.
>
> Unless we think there are web applications that actually want to
> implement CONNECT, I'm leaning towards requiring a 405 response
to all
> CONNECT requests.
>
> I found one request to implement CONNECT on the Tomcat users list
from
> 2016 and I'm not convinced that was the correct solution to the
problem
> the user was facing.
>
> If we do change the spec to permit CONNECT requests, then I think
we'll
> need to:
> - add a doConnect() method to HttpServlet
> - specify the expected value for getRequestURI()
> - specify how the CONNECT request is mapped to a Servlet
>
> Mark
> _______________________________________________
> servlet-dev mailing list
> servlet-dev@xxxxxxxxxxx <mailto:servlet-dev@xxxxxxxxxxx>
> To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/servlet-dev
<https://www.eclipse.org/mailman/listinfo/servlet-dev>
--
レッドハット株式会社
サービス事業統括本部
佐藤 将夫
_______________________________________________
servlet-dev mailing list
servlet-dev@xxxxxxxxxxx <mailto:servlet-dev@xxxxxxxxxxx>
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/servlet-dev
<https://www.eclipse.org/mailman/listinfo/servlet-dev>
--
Greg Wilkins <gregw@xxxxxxxxxxx <mailto:gregw@xxxxxxxxxxx>> CTO
http://webtide.com <http://webtide.com>
_______________________________________________
servlet-dev mailing list
servlet-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/servlet-dev
