Loosen the validation rule for Endpoint.host()
#5814
Comments
ikhoon
added a commit
to ikhoon/armeria
that referenced
this issue
Aug 2, 2024
Motivation: The authority part in a URI was validated by `URI.parseServerAuthority()` which only allows alphanumeric characters, `.` and `-`. https://github.com/openjdk/jdk/blob/dc35f3e8a84c8f622a4cabb8aee0f96de2e2ea30/src/java.base/share/classes/java/net/URI.java#L3513-L3515 As a result, if underscore (`_`) is set in an authroity, `URISyntaxException` is raised. We think the rule is too strict because a request can also be sent to an instance when CSLB is used. `_` is a valid character in a DNS record. Users may want to send a host whose name is `beta_api.cloud.somewhere.com`. Related: line#5814 Modifications: - Remove the usage of `URI.parseServerAuthority()` in `SchemeAndAuthority` - Parse a hostname and a port from a raw authority. Result: - Validation is relexed to permit underscores (_) in URI's authority. - Closes line#5814
ikhoon
added a commit
to ikhoon/armeria
that referenced
this issue
Aug 2, 2024
Motivation: The authority part in a URI was validated by `URI.parseServerAuthority()` which only allows alphanumeric characters, `.` and `-`. https://github.com/openjdk/jdk/blob/dc35f3e8a84c8f622a4cabb8aee0f96de2e2ea30/src/java.base/share/classes/java/net/URI.java#L3513-L3515 As a result, if underscore (`_`) is set in an authority, `URISyntaxException` is raised. We think the rule is too strict because a request can also be sent to an instance when CSLB is used. `_` is a valid character in a DNS record. Users may want to send a host whose name is `beta_api.cloud.somewhere.com`. Related: line#5814 Modifications: - Remove the usage of `URI.parseServerAuthority()` in `SchemeAndAuthority` - Parse a hostname and a port from a raw authority. Result: - Validation is relaxed to permit underscores (_) in URI's authority. - Closes line#5814
ikhoon
added a commit
that referenced
this issue
Aug 8, 2024
Motivation: The authority part in a URI was validated by `URI.parseServerAuthority()` which only allows alphanumeric characters, `.` and `-`. https://github.com/openjdk/jdk/blob/dc35f3e8a84c8f622a4cabb8aee0f96de2e2ea30/src/java.base/share/classes/java/net/URI.java#L3513-L3515 As a result, if underscore (`_`) is set in an authority, `URISyntaxException` is raised. We think the rule is too strict because a request can also be sent to an instance when CSLB is used. `_` is a valid character in a DNS record. Users may want to send a request to a host whose name is `beta_api.cloud.instance-123.somewhere.com`. Related: #5814 Modifications: - Remove the usage of `URI.parseServerAuthority()` in `SchemeAndAuthority` - Parse a hostname and a port from a raw authority. Result: - Validation is relaxed to permit underscores (_) in URI's authority. - Closes #5814
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The underscore (
_) character is not permitted in hostnames but is allowed in other contexts, such as DNS SRV records.Currently,
URI.parseServerAuthority()is used to validate a hostname of anEndpointwhich disallows_.armeria/core/src/main/java/com/linecorp/armeria/internal/common/SchemeAndAuthority.java
Line 53 in c208353
Armeria internally,
Endpoint.host()is used for both DNS and a hostname of a URI. So I think we may loosen the validation rule to allow_and use it forDNSqueries and results.Discord thread: https://discord.com/channels/1087271586832318494/1087272728177942629/1262912254333030451
The text was updated successfully, but these errors were encountered: