-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
URI Host Mismatch with optional Compliance modes #9343
Commits on Feb 3, 2023
-
Introduce HttpCompliance.MISMATCHED_AUTHORITY
+ Checks if provided Host authority matches an absolute target-uri authority + Default is to reject with 400 Bad Request + Optional HttpCompliance to disable this check. Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 73b52b2 - Browse repository at this point
Copy the full SHA 73b52b2View commit details -
Update ForwardedRequestCustomizerTest
+ use example.org (instead of example.net) + fix tests that are now failing due to enforcement of absolute target-uri authority and provided Host header Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 7c266fc - Browse repository at this point
Copy the full SHA 7c266fcView commit details -
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9e39c4f - Browse repository at this point
Copy the full SHA 9e39c4fView commit details -
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for bfc73b1 - Browse repository at this point
Copy the full SHA bfc73b1View commit details -
Update NcsaRequestLogTest.testAbsolute
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for a663b40 - Browse repository at this point
Copy the full SHA a663b40View commit details -
Use RFC2616 mode in RFC2616 tests
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 8c243e5 - Browse repository at this point
Copy the full SHA 8c243e5View commit details
Commits on Feb 12, 2023
-
Merge remote-tracking branch 'origin/jetty-10.0.x' into fix/jetty-10.…
…0.x/uri-host-mismatch
Configuration menu - View commit details
-
Copy full SHA for 8ef9b56 - Browse repository at this point
Copy the full SHA 8ef9b56View commit details -
Alternative fix for mismatched host headers
This PR fixes the miss-matched host header issue in the Request.setMetaData method. This requires no change to the HttpParser. A more comprehensive fix can be considered for jetty-12. Signed-off-by: gregw <gregw@webtide.com>
Configuration menu - View commit details
-
Copy full SHA for b9d91ce - Browse repository at this point
Copy the full SHA b9d91ceView commit details
Commits on Feb 13, 2023
-
Alternative fix for mismatched host headers
Updates from review Signed-off-by: gregw <gregw@webtide.com>
Configuration menu - View commit details
-
Copy full SHA for e95aba1 - Browse repository at this point
Copy the full SHA e95aba1View commit details