> Assuming it's easy for Tomcat to differentiate between errors generated
My PR was based on the assumption that it is easy, since Tomcat always
invokes this method[1] if it's a badRequest.
[1]
Any chance someone took a look at the PR? Do you guys think this is a
viable solution?
On Sun, Apr 21, 2024 at 12:54 PM Adwait Kumar Singh
wrote:
> https://github.com/apache/tomcat/pull/723 is a draft PR of the idea I was
> talking about earlier, i.e. close the connection on a bad r
04 No Content is normally used with PUT and DELETE requests.
>
> Yes, you can use those. 200 would also make sense and, of course 201 for
> new resources.
>
> -chris
>
> > -Original Message-
> > From: Christopher Schultz
> > Sent: perjantai 19. huhtikuuta 202
>
> I'm not (yet) convinced distinguishing between those scenarios is always
> going to be possible.
I have a Tomcat patch which we use at work to do this, i.e. always close the
connection if HTTP parsing fails but not if it's a user-set status. I can
create a PR for feedback.
On Thu, Apr 18,
I think we should *always* close connections in cases where it can lead to
request smuggling vulnerabilities like when there is an error during header
or request line parsing, but allowing the user to control connection close
when the status is being set by the user, should be safe?
It allows
The former.
On Thu, Nov 30, 2023 at 3:40 PM Aditya Shastri
wrote:
> Thanks for the response Adwait.
>
> My ant skills are lacking. Does the minimum bytecode definition come
> from this line?
>
>
> What does this line do?
>
>
> On Thu, Nov 30, 2023 at 6:10
Yes, JDK17 can produce JDK8 bytecode, in fact that's what Tomcat does.
On Thu, Nov 30, 2023 at 2:35 PM Aditya Shastri
wrote:
> Hello,
>
> We build our own Tomcat 9 binaries from scratch (grab the tag from
> https://github.com/apache/tomcat) and call ant (with java8) to build
> it.
>
> Starting
my non-container thread being aware of it or having to
block my container thread.
On Sat, Nov 25, 2023 at 5:42 AM Mark Thomas wrote:
> On 25/11/2023 05:30, Adwait Kumar Singh wrote:
>
> > Is there a way around this, to keep the async context open even on an
> error
> >
Hi,
I am trying to build a Streaming solution on top of Tomcat and using Async
servlets. What I am doing is I start an asynchronous process using
`startAsync()` and then attach a ReadListener which streams the data
forward `onDataAvailable`, the consumer consumes this on another thread.
Now the
Hey Tomcat users,
I am using Async Servlets and have a question on how to safeguard my
application from Request Smuggling.
In my current setup I do the following,
1. `startAsync` on the ServletRequest.
2. Create a ReadListener and attach it to the ServletInputStream.
3. Once I have read the
Hey,
Checking in on this thread. Is someone actively working on this?
I am more than happy to contribute/help in any way to move this forward
quickly.
Thanks,
Adwait.
On Tue, Sep 5, 2023 at 1:11 PM Mark Thomas wrote:
> On 04/09/2023 15:41, Jonathan S. Fisher wrote:
> > Mark thank you again
I can see that BND was updated to 7.0 in 9.0.83, however BND 7.0 requires
at least JDK 17 runtime while Tomcat 9 still supports JDK 8.
Is this breaking change intended?
Sorry for the wrong bug id. This is the one I filed,
https://bz.apache.org/bugzilla/show_bug.cgi?id=68037
On Tue, Oct 31, 2023 at 3:24 PM Adwait Kumar Singh
wrote:
> AFAIK the response is not being committed.
>
> I created a bug for this with a reproducible test case,
> https://b
AFAIK the response is not being committed.
I created a bug for this with a reproducible test case,
https://bz.apache.org/bugzilla/show_bug.cgi?id=54123
On Tue, Oct 31, 2023 at 12:49 PM Mark Thomas wrote:
>
>
> On 30/10/2023 22:25, Adwait Kumar Singh wrote:
> > Hi,
> >
>
s only dispatched if the request is not being
executed in the container thread.
On Mon, Oct 30, 2023 at 3:25 PM Adwait Kumar Singh
wrote:
> Hi,
>
> I am using the async Servlet API and NIO, by setting a ReadListener.
>
> In the onError of the ReadListener, I am catching a SocketTimeoutE
Hi,
I am using the async Servlet API and NIO, by setting a ReadListener.
In the onError of the ReadListener, I am catching a SocketTimeoutException
and trying to send back an error code 408. Here is the simplified example
of what I am trying to do,
@Override
> public void onError(Throwable