tomcat-dev mailing list archives

From Jean-Frederic <jfcl...@gmail.com>
Subject Re: Changing JK_OPT_FWDURIDEFAULT to JK_OPT_FWDURICOMPATUNPARSED
Date Wed, 16 May 2007 06:39:52 GMT
On Tue, 2007-05-15 at 18:37 +0200, Rainer Jung wrote:
> I didn't follow this, but the comment in the httpd 2.x module code says:
> 
>      /*
>       * The 2.2 servlet spec errata says the uri from
>       * HttpServletRequest.getRequestURI() should remain encoded.
>       * [http://java.sun.com/products/servlet/errata_042700.html]
>       *
>       * We use JkOptions to determine which method to be used
>       *
>       * ap_escape_uri is the latest recommended but requires
>       *               some java decoding (in TC 3.3 rc2)
>       *
>       * unparsed_uri is used for strict compliance with spec and
>       *              old Tomcat (3.2.3 for example)
>       *
>       * uri is used for compatibility with mod_rewrite with old Tomcats
>       */
> 
> We do (pseudo code):
> 
> JK_OPT_FWDURICOMPATUNPARSED:
>          s->req_uri = r->unparsed_uri;
>          if (s->req_uri != NULL) {
>              char *query_str = strchr(s->req_uri, '?');
>              if (query_str != NULL) {
>                  *query_str = 0;
>              }
>          }
> 
> JK_OPT_FWDURICOMPAT (the DEFAULT):
>          s->req_uri = r->uri;
> 
> JK_OPT_FWDURIESCAPED:
>          s->req_uri = ap_escape_uri(r->pool, r->uri);
>          break;
> 
> 
> And finally our docs state:
> 
> The three following options +ForwardURIxxx are mutually exclusive. ...
> By default, the option ForwardURICompat is turned on. You can turn this 
> off by switching on one of the other two.
> 
> JkOptions ForwardURICompat, you ask mod_jk to send the URI to Tomcat 
> normally, which is less spec compliant but mod_rewrite compatible, use 
> it for compatibility with Tomcat 3.2.x engines (on by default).
> 
> JkOptions ForwardURICompatUnparsed, the forwarded URI is unparsed, it's 
> spec compliant but broke mod_rewrite.
> 
> JkOptions ForwardURIEscaped, the forwarded URI is escaped and Tomcat 
> (since 3.3 rc2) will do the decoding part.
> 
> So what we do is what is documented. Breaking the default should have 
> serious reasons at least. For 1.3/3.0 we could consider changing more 
> easily of course.
> 
> Why do you think the default is bad?

Because it breaks the spec and allows unexpected handling of URLs that
are encoded (for example: /context-A/%252E%252E/context-B that is sent
to Tomcat as /context-A/%2E%2E/context-B and mapped by Tomcat
as /context-B).

Cheers

Jean-Frederic

> 
> Regards,
> 
> Rainer
> 
> Jean-Frederic wrote:
> > Hi,
> > 
> > I think that the default value of JK_OPT_FWDURIDEFAULT is bad and should
> > be JK_OPT_FWDURICOMPATUNPARSED.
> > 
> > Any comments?
> > 
> > Cheers
> > 
> > Jean-Frederic
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 
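
The double-decoding case from the reply above, worked through as an added example (not code from mod_jk or from either poster). It models only the path: httpd decodes once into r->uri, and the backend is assumed to percent-decode once and then resolve ".." segments; `fwd`, `mapped`, `pct_decode` and `normalize` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum fwd { FWD_COMPAT, FWD_UNPARSED, FWD_ESCAPED };   /* the three ForwardURI* modes */
static const char SAMPLE[] = "/context-A/%252E%252E/context-B";   /* URI from the mail */

static void pct_decode(const char *in, char *out) {   /* one decoding pass, no rescan */
    for (; *in; in++) {
        if (*in == '%' && isxdigit((unsigned char)in[1]) && isxdigit((unsigned char)in[2])) {
            char hex[3] = { in[1], in[2], 0 };
            *out++ = (char)strtol(hex, NULL, 16);
            in += 2;
        } else *out++ = *in;
    }
    *out = 0;
}

static void normalize(char *p) {   /* resolve ".." segments in place; p starts with '/' */
    char *out = p, *seg = p;
    while (*seg) {
        char *end = seg + 1 + strcspn(seg + 1, "/");
        size_t len = (size_t)(end - seg);
        if (len == 3 && seg[1] == '.' && seg[2] == '.') {
            while (out > p && *--out != '/') { }        /* drop previous segment */
        } else { memmove(out, seg, len); out += len; }
        seg = end;
    }
    if (out == p) *out++ = '/';
    *out = 0;
}

/* Path the backend maps, assuming it percent-decodes once and then normalizes. */
static const char *mapped(enum fwd mode, const char *unparsed_uri) {
    static char uri[128], path[128];
    if (unparsed_uri[0] != '/' || strlen(unparsed_uri) >= sizeof uri) return NULL;
    pct_decode(unparsed_uri, uri);              /* httpd: r->uri, already decoded once */
    if (mode == FWD_COMPAT) pct_decode(uri, path);                  /* r->uri sent as-is */
    else if (mode == FWD_UNPARSED) pct_decode(unparsed_uri, path);  /* wire form sent */
    else strcpy(path, uri);    /* escaping r->uri, then one decode, round-trips to r->uri */
    normalize(path);
    return path;
}

int main(void) {
    for (int m = 0; m < 3; m++) printf("mode %d -> %s\n", m, mapped(m, SAMPLE));
    return 0;
}
```

Only the ForwardURICompat mode ends up decoded twice, which is what turns the encoded dots into a real ".." segment and moves the request out of /context-A.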