Feature/strict validation for header name and value #2219
Merged: arjantijms merged 10 commits into eclipse-ee4j:main from carryel:feature/strict-validation-for-header-name-and-value on Jan 22, 2025
…alidation against invalid characters RFC-9110
Adding properties
+ Added the validation of HTTP header values
+ Name and value's validation are provided as options. (Improved based on #1 @breakponchito)
+ trivial) updated license and re-trigger status checks(eclipse-ee4j#2213).
+ Field values cannot have a single LF as per RFC-9110 (https://www.rfc-editor.org/rfc/rfc9110.html#section-5.5).
+ Additionally, this patch automatically removes support for multiple lines of http headers as mentioned in RFC-2616 (https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2).
Note) The features related to this issue eclipse-ee4j#2212 only work when the STRICT_HEADER_NAME_VALIDATION_RFC_9110 and STRICT_HEADER_VALUE_VALIDATION_RFC_9110 options are enabled, and the existing code base behavior is maintained when options are not enabled.
+ Instead of throwing ArrayIndexOutOfBoundsException when judging Token and Text char, it ensures checking within the array range.
+ Since several existing http testcases do not respect CRLF in header values, I modified them to comply with the spec where it was not intentional.
This patch passed all grizzly existing testcases locally, depending on the presence of options.
> mvn clean test
All passed.
> mvn clean test -Dorg.glassfish.grizzly.http.STRICT_HEADER_NAME_VALIDATION_RFC_9110=true -Dorg.glassfish.grizzly.http.STRICT_HEADER_VALUE_VALIDATION_RFC_9110=true
All passed.
Maven version should be upgraded in Github Actions env.
+ Added a step for installing maven v3.9.9 by referring to https://github.com/eclipse-ee4j/glassfish/blob/master/.github/workflows/build-windows.yml.
dmatej
approved these changes
Jan 22, 2025
arjantijms
approved these changes
Jan 22, 2025
#2213 changed to be based on the main branch.
This is a PR for Issue #2212 based on main branch.
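
The character checks described in the commit messages above (RFC 9110 token characters for names, no bare LF in values, a range check before any table lookup), as an added Java example that is not code from this pull request or from Grizzly. The class and method names are hypothetical and the sample headers are constructed.

```java
import java.nio.charset.StandardCharsets;

/** Added illustration; class and method names are hypothetical, not Grizzly's API. */
public class StrictHeaderCheck {
    // Lookup table for RFC 9110 tchar, indexed by byte value 0..127.
    private static final boolean[] TCHAR = new boolean[128];
    static {
        for (char c = '0'; c <= '9'; c++) TCHAR[c] = true;
        for (char c = 'a'; c <= 'z'; c++) TCHAR[c] = true;
        for (char c = 'A'; c <= 'Z'; c++) TCHAR[c] = true;
        for (char c : "!#$%&'*+-.^_`|~".toCharArray()) TCHAR[c] = true;
    }

    /** field-name = token = 1*tchar (RFC 9110 section 5.1). */
    static boolean isValidName(byte[] name) {
        if (name.length == 0) return false;
        for (byte b : name) {
            int i = b & 0xFF; // unsigned, so bytes 0x80-0xFF never become a negative index
            if (i >= TCHAR.length || !TCHAR[i]) return false; // range check before lookup
        }
        return true;
    }

    /** field-value octets: SP, HTAB, VCHAR, obs-text; CR, LF, NUL and other controls fail. */
    static boolean isValidValue(byte[] value) {
        for (byte b : value) {
            int i = b & 0xFF;
            boolean ok = i == '\t' || (i >= 0x20 && i != 0x7F);
            if (!ok) return false; // also rejects an LF that starts a folded line
        }
        return true;
    }

    public static void main(String[] args) {
        String[][] samples = { // constructed inputs
            {"Content-Type", "text/html"},
            {"X-Note", "first\n second"}, // bare LF followed by a folded continuation
            {"X Bad", "value"},           // space is not a tchar
            {"X-Latin", "caf\u00e9"},     // obs-text byte 0xE9 in the value
        };
        for (String[] s : samples) {
            byte[] n = s[0].getBytes(StandardCharsets.ISO_8859_1);
            byte[] v = s[1].getBytes(StandardCharsets.ISO_8859_1);
            System.out.println(s[0] + " -> name=" + isValidName(n) + " value=" + isValidValue(v));
        }
    }
}
```

The value check is applied to an already-delimited field value, so the CRLF that terminates the header line is not part of its input.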