URI Host Mismatch with optional Compliance modes #9343

Merged: 9 commits, Feb 13, 2023

Commits on Feb 3, 2023

  1. Introduce HttpCompliance.MISMATCHED_AUTHORITY

    + Checks if provided Host authority matches
      an absolute target-uri authority
    + Default is to reject with 400 Bad Request
    + Optional HttpCompliance to disable this
      check.
    
    Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
    joakime committed Feb 3, 2023
    73b52b2
  2. Update ForwardedRequestCustomizerTest

    + use example.org (instead of example.net)
    + fix tests that are now failing due
      to enforcement of absolute target-uri
      authority and provided Host header
    
    Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
    joakime committed Feb 3, 2023
    7c266fc
  3. Expand RequestTest

    Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
    joakime committed Feb 3, 2023
    9e39c4f
  4. Update HttpCompliance.RFC2616

    Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
    joakime committed Feb 3, 2023
    bfc73b1
  5. Update NcsaRequestLogTest.testAbsolute

    Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
    joakime committed Feb 3, 2023
    a663b40
  6. Use RFC2616 mode in RFC2616 tests

    Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
    joakime committed Feb 3, 2023
    8c243e5

Commits on Feb 12, 2023

  1. Merge remote-tracking branch 'origin/jetty-10.0.x' into fix/jetty-10.0.x/uri-host-mismatch

    gregw committed Feb 12, 2023
    8ef9b56
  2. Alternative fix for mismatched host headers

    This PR fixes the mismatched host header issue in the Request.setMetaData method. This requires no change to the HttpParser.
    A more comprehensive fix can be considered for jetty-12.
    
    Signed-off-by: gregw <gregw@webtide.com>
    gregw committed Feb 12, 2023
    b9d91ce

Commits on Feb 13, 2023

  1. Alternative fix for mismatched host headers

    Updates from review
    
    Signed-off-by: gregw <gregw@webtide.com>
    gregw committed Feb 13, 2023
    e95aba1