[
Date Prev][
Date Next][
Thread Prev][Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [servlet-dev] CONNECT and getRequestURI ?
|
The main thing is to say that a filter/servlet will never see a connect request. It may be that the server actually handles it or rejects it, but never passes it to the servlet container
It could be either. Making it configurable would be more effort than its
worth.
I have no strong preference for either.
Mark
On 21/02/2023 17:11, Ph. Dinh wrote:
> Can it be either 405 or 501?
> ------------------------------------------------------------------------
> *From:* servlet-dev <servlet-dev-bounces@xxxxxxxxxxx> on behalf of Mark
> Thomas <markt@xxxxxxxxxx>
> *Sent:* Tuesday, February 21, 2023 7:24 AM
> *To:* servlet-dev@xxxxxxxxxxx <servlet-dev@xxxxxxxxxxx>
> *Subject:* Re: [servlet-dev] CONNECT and getRequestURI ?
> On 14/02/2023 23:51, Greg Wilkins wrote:
>>
>> All,
>>
>> I'm not advocating that we support CONNECT. Just asking what should the
>> standard behavior be if we do get a CONNECT request.
>
> Ack.
>
>> Note that the spec saying that CONNECT is not supported is not very
>> strong. It is in the context of the API of the Servlet and not so much a
>> requirement of the server.
>
> Fair enough.
>
>> I'd be happy with a requirement that a CONNECT request be handled with a
>> 405 response.... and then the return from getRequestURI does not matter.
>
> Any objections to a PR to that effect?
>
> Mark
>
>
>>
>> cheers
>>
>>
>>
>>
>> On Tue, 14 Feb 2023 at 22:12, Masao Sato <masato@xxxxxxxxxx
>> <mailto:masato@xxxxxxxxxx <mailto:masato@xxxxxxxxxx>>> wrote:
>>
>> >I'll note that the Spec document explicitly states that the CONNECT
>> >method is not supported.
>>
>> Because of that the CONNECT request could not be treated as a normal
>> http request,
>> HttpServlet and HttpServletRequest are not filt to handle it.
>> The spec has a Servlet and ServletReqeust ( not HttpServletRequest )
>> interfaces
>> for generic protocols, all extended methods from ServletRequest except
>> getMethod()
>> should throw some exception. and the application should forward to a
>> servlet which
>> inherited Servlet ( not HttpServlet ) by calling
>> ServletRequest#getRequestDispatcher().
>>
>> Regards,
>> Masao Sato
>>
>> 2023年2月14日(火) 18:32 Mark Thomas <markt@xxxxxxxxxx
>> <mailto:markt@xxxxxxxxxx <mailto:markt@xxxxxxxxxx>>>:
>> >
>> > On 14/02/2023 00:15, Stuart Douglas wrote:
>> > > If you don't like null because of the potential for NPEs I
>> think you
>> > > could also make a similar argument for the empty string. If
>> developers
>> > > are not thinking about connect requests they could assume that
>> it will
>> > > always be at least length 1 and you could end up with different
>> exceptions.
>> > >
>> > > Stuart
>> > >
>> > > On Tue, 14 Feb 2023 at 11:07, Greg Wilkins <gregw@xxxxxxxxxxx
>> <mailto:gregw@xxxxxxxxxxx <mailto:gregw@xxxxxxxxxxx>>
>> > > <mailto:gregw@xxxxxxxxxxx <mailto:gregw@xxxxxxxxxxx
> <mailto:gregw@xxxxxxxxxxx>>>> wrote:
>> > >
>> > >
>> > > So options are now null, "" and "/". Older jetty was "", newer
>> > > jetty is null and undertow is "/".
>> > > Where does tomcat land in this? I'm very happy to change
>> jetty to
>> > > anything, I just want it to be standard.
>> > > I think null is probably my least favourite and I'm on
>> fence with ""
>> > > vs "/".
>> >
>> > Tomcat currently returns a 400 response.
>> >
>> > I'll note that the Spec document explicitly states that the CONNECT
>> > method is not supported.
>> >
>> > Unless we think there are web applications that actually want to
>> > implement CONNECT, I'm leaning towards requiring a 405 response
>> to all
>> > CONNECT requests.
>> >
>> > I found one request to implement CONNECT on the Tomcat users list
>> from
>> > 2016 and I'm not convinced that was the correct solution to the
>> problem
>> > the user was facing.
>> >
>> > If we do change the spec to permit CONNECT requests, then I think
>> we'll
>> > need to:
>> > - add a doConnect() method to HttpServlet
>> > - specify the expected value for getRequestURI()
>> > - specify how the CONNECT request is mapped to a Servlet
>> >
>> > Mark
>> > _______________________________________________
>> > servlet-dev mailing list
>> > servlet-dev@xxxxxxxxxxx <mailto:servlet-dev@xxxxxxxxxxx <mailto:servlet-dev@xxxxxxxxxxx>>
>> > To unsubscribe from this list, visit
>> https://www.eclipse.org/mailman/listinfo/servlet-dev
> <https://www.eclipse.org/mailman/listinfo/servlet-dev>
>> <https://www.eclipse.org/mailman/listinfo/servlet-dev
> <https://www.eclipse.org/mailman/listinfo/servlet-dev>>
>>
>>
>>
>> --
>> レッドハット株式会社
>> サービス事業統括本部
>> 佐藤 将夫
>>
>> _______________________________________________
>> servlet-dev mailing list
>> servlet-dev@xxxxxxxxxxx <mailto:servlet-dev@xxxxxxxxxxx <mailto:servlet-dev@xxxxxxxxxxx>>
>> To unsubscribe from this list, visit
>> https://www.eclipse.org/mailman/listinfo/servlet-dev
> <https://www.eclipse.org/mailman/listinfo/servlet-dev>
>> <https://www.eclipse.org/mailman/listinfo/servlet-dev
> <https://www.eclipse.org/mailman/listinfo/servlet-dev>>
>>
>>
>>
>> --
>> Greg Wilkins <gregw@xxxxxxxxxxx <mailto:gregw@xxxxxxxxxxx <mailto:gregw@xxxxxxxxxxx>>> CTO
>> http://webtide.com <http://webtide.com> <http://webtide.com
> <http://webtide.com>>
>>
>> _______________________________________________
>> servlet-dev mailing list
>> servlet-dev@xxxxxxxxxxx
>> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/servlet-dev
> <https://www.eclipse.org/mailman/listinfo/servlet-dev>
> _______________________________________________
> servlet-dev mailing list
> servlet-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/servlet-dev
> <https://www.eclipse.org/mailman/listinfo/servlet-dev>
>
> _______________________________________________
> servlet-dev mailing list
> servlet-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/servlet-dev
_______________________________________________
servlet-dev mailing list
servlet-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/servlet-dev