Review ERROR query-string handling #10131
Comments
|
Kind of duplicate of #10130 |
|
The original code for |
|
Whether the error page exists or is a servlet does not matter. Original query string and parameters must be maintained. This is a MUST before a 12.0.0 release IFF error page uris are allowed to contain query strings, then these should be merged. But I'm not sure if we have previously supported this. Can be done later. |
|
The previous code suggests that an error page uri can have a query string. In that case it probably should be merged, but it is going to be s very rare case, so we can keep the previous behavior for now. But no matter what, the original query parameters must be preserved on map and string form. |
|
Opened PR #10132 |
I think it does. If the original request into the system is Now, how about a request into the system is
This testcase doesn't exist AFAICT |
|
I'm pretty sure that at no time will the query string every be just x=y, as it will be merged in the async dispatch to be a=b&x=y Besides, which servlet request is fed to the error logic is a matter for sync handling. Here we have a request passed in and a URI used to construct the dispatcher. The job is to combine. For error dispatching, we have previously used the URI query if not null, else the request query. We need to do at least that in 12. However, on consideration, we should probably merge query string and parameters. But not important to do that before the release as we have never done it before |
|
@sbordet @joakime At the very minimum, we need to change the But in EE9, we use the forward mechanism for error dispatches, so the query strings are actually merged. Moreover the parameters are recalculated to match. |
…y-string Issue #10131 - revert changes to `ErrorRequest.getQueryString()` and `AsyncServletTest`
|
PR #10132 (the revert) has been merged. Will work on ERROR dispatch param merging next. |
|
@joakime I think it might be as simple as to add something like: @Override
public String getQueryString()
{
String targetQuery = (_uri == null) ? null : _uri.getQuery();
if (getRequest() instanceof HttpServletRequest httpServletRequest)
{
if (targetQuery == null)
return httpServletRequest.getQueryString();
if (httpServletRequest.getQueryString() == null)
return targetQuery;
return UrlEncoded.encode(getParams(), StandardCharsets.ISO_8859_1, false);
}
return targetQuery;
}to I have some concerns about the efficiency of |
|
@gregw this would be new functionality in Jetty. While researching, I came across a past issue where we discussed this #2074 (it's a long issue discussion, but it does help with explaining why the codebase does what it does) - even has a link to a servlet spec discussion on this too - jakartaee/servlet#308 And when looking at Jetty 10 tests, I can see we don't ever merge the See the check in "servlet2" on the |
Issue #10131 - Test case showing ERROR param merging works as-is.
|
Plus my code is wrong as it would put body params into the merged query. Let's think about this.... |
|
@joakime after reading #2074 (good research) I see I am just repeating the panic of 2020. We are correctly merging the actual parameters and we deliberately decided not to merge the actual queryString and just go with simple replacement. |
|
Merged PR #10144 |
Jetty version(s)
12.0.0
Java version/vendor
(use: java -version)Any
OS type/version
Any
Description
@gregw is the query string merged? like in the case of forward/include?
Scenario 1:
/foo?a=bsendError(500)/error/erroris a servlet.Scenario 2:
/foo?a=bsendError(500)/error?c=d/erroris a servlet.Scenario 3:
/foo?a=bAsyncContext.dispatch("/does-not-exist")/error/erroris a servlet.Scenario 4:
/foo?a=bAsyncContext.dispatch("/does-not-exist")/error?c=d/erroris a servlet.What should
HttpServletRequest.getQueryString()return in each case?For the two AsyncContext.dispatch() scenarios, this is basically a double dispatch. (original, requested-bad-page, error)
The text was updated successfully, but these errors were encountered: