-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Return requested content type error response in case of URI Violation and not always text/html #11524
Comments
The error happens very early in the parsing, Jetty finds the URI violation and does not both parsing further, as this can be an attack. We try to be gentle and send a proper response rather than just closing the connection, but the |
@sbordet That is what I thought 👍 |
@dhs3000 It looks like the error you are seeing is from the "Bad Message" handling (aka 400 Bad Request) in the Lines 417 to 425 in c89aca8
|
In the debugger in my local test project, it arrives in |
If that code in ErrorHandler was run, then the error occurred after parsing and before handling. I would expect that the Put a breakpoint here and see if this is where your UriCompliance violation triggers -> https://github.com/jetty/jetty.project/blob/jetty-12.0.7/jetty-core/jetty-server/src/main/java/org/eclipse/jetty/server/internal/HttpChannelState.java#L602 If that is where your BadMessage triggers, then you should have that BTW, Don't test with |
It might have been unclear and I updated my initial issue/post trying to clarify: I added (locally) a test case to One other noteworthy difference is that the generated HTML contains a request URI |
I cannot debug the test case that I added here, as Jetty project is not fully importing in IntelliJ for me, I can only execute it with maven command line. The test case that I am debugging is in my local project using Kotlin / http4k-jetty. This is not stopping at |
Jetty version(s)
Jetty 12.0.7
Jetty Environment
core
Java version/vendor
(use: java -version)
openjdk version "21.0.2"
Description
When a client requests a path with an URI violation, the server currently always returns a text/html error response regardless of what the client specified in the
Accept
header, even though theErrorHandler
class checks for that header.When debugging,. it seems that at that point in the ErrorHandler the request headers are completely empty, maybe unparsed?
How to reproduce?
The following test requests a JSON response content type but fails with
Expected returned content
But was following
The text was updated successfully, but these errors were encountered: