[jira] [Commented] (JCR-4158) jackrabbit-server doesn't handle content-codings properly


JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/JCR-4158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16104493#comment-16104493 ]

Julian Reschke commented on JCR-4158:
-------------------------------------

FWIW, the servlet API makes it extremely easy to get this wrong - any call to {{ServletRequest.getInputStream()}} which doesn't *properly* handle the {{Content-Encoding}} header field will be broken.

Properly handling {{Content-Encoding}} requires:

- to properly handle multiple header field instances
- to parse each field into distinct values (comma delimiter)
- to process *all* encoding values in the correct order

Doing this wrong might cause "harmless" errors (like requests failing with obscure 4xx or 5xx status codes), but also requests apparently succeeding but not doing what the caller intended (see example above).

> jackrabbit-server doesn't handle content-codings properly
> ---------------------------------------------------------
>
>                 Key: JCR-4158
>                 URL: https://issues.apache.org/jira/browse/JCR-4158
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>          Components: jackrabbit-jcr-server
>    Affects Versions: 2.15.4
>            Reporter: Julian Reschke
>            Assignee: Julian Reschke
>
> test with jackrabbit-standalone:
> {noformat}
> curl -v -u admin:admin -H "content-encoding: foo" -T filename http://localhost:8080/repository/default/
> {noformat}
> This should result in a 4xx status (optimally 415).
> In general, all fields in content-coding must be processed, and any unknown field must cause a 4xx status.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
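
As an added example (not Jackrabbit's code and not the fix applied for JCR-4158), the three requirements listed in the comment can be met by a helper like the one below. The class and method names are hypothetical, the supported set (gzip, x-gzip, deflate) is an assumption, and the helper takes the values that `HttpServletRequest.getHeaders("Content-Encoding")` would return so that it runs without a servlet container (Java 9+).

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.zip.*;

public class ContentCodingDemo {  // hypothetical name, not part of Jackrabbit
    static final Set<String> SUPPORTED = Set.of("gzip", "x-gzip", "deflate");  // assumed set

    /** Signals a coding that cannot be undone; a servlet would answer 415 instead of storing the body. */
    static class UnsupportedCodingException extends IOException {
        UnsupportedCodingException(String coding) { super("unsupported content-coding: " + coding); }
    }

    /** Flattens all Content-Encoding field instances into one list, in the order the codings were applied. */
    static List<String> codings(Enumeration<String> fields) {
        List<String> out = new ArrayList<>();
        while (fields != null && fields.hasMoreElements()) {
            for (String value : fields.nextElement().split(",")) {   // comma-delimited values
                String coding = value.trim().toLowerCase(Locale.ROOT);
                if (!coding.isEmpty()) out.add(coding);
            }
        }
        return out;
    }

    /** Wraps the raw body so reads yield the decoded payload; rejects the request if any coding is unknown. */
    static InputStream decode(InputStream raw, Enumeration<String> fields) throws IOException {
        List<String> list = codings(fields);
        // Validate every coding before touching the body, so nothing is stored half-decoded.
        for (String c : list) if (!SUPPORTED.contains(c)) throw new UnsupportedCodingException(c);
        InputStream in = raw;
        for (int i = list.size() - 1; i >= 0; i--) {   // the coding applied last is removed first
            in = list.get(i).equals("deflate") ? new InflaterInputStream(in) : new GZIPInputStream(in);
        }
        return in;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: payload gzip-coded first, then deflate-coded, sent as two field instances.
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        try (OutputStream o = new GZIPOutputStream(new DeflaterOutputStream(body))) {
            o.write("hello".getBytes(StandardCharsets.UTF_8));
        }
        byte[] wire = body.toByteArray();
        InputStream in = decode(new ByteArrayInputStream(wire), Collections.enumeration(List.of("gzip", "deflate")));
        System.out.println(new String(in.readAllBytes(), StandardCharsets.UTF_8));
        try {   // one unknown value anywhere in the list rejects the whole request
            decode(new ByteArrayInputStream(wire), Collections.enumeration(List.of("gzip, foo")));
        } catch (UnsupportedCodingException e) { System.out.println("415: " + e.getMessage()); }
    }
}
```

In a servlet the call would be `decode(request.getInputStream(), request.getHeaders("Content-Encoding"))`, with the exception mapped to `HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE`.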