This is an automated email from the ASF dual-hosted git repository. andy pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/jena.git
commit 8183d65dfb0a7c2d9f6b729cc20eb1dec365af62 Author: Andy Seaborne <[email protected]> AuthorDate: Sat Apr 4 17:34:27 2026 +0100 Note about base URI for parsing (Fuseki) --- .../apache/jena/fuseki/servlets/SPARQLQueryProcessor.java | 10 +++++++++- .../org/apache/jena/fuseki/servlets/SPARQL_Update.java | 14 +++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQLQueryProcessor.java b/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQLQueryProcessor.java index b09be7cf6c..7ba6662a1f 100644 --- a/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQLQueryProcessor.java +++ b/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQLQueryProcessor.java @@ -256,9 +256,17 @@ public abstract class SPARQLQueryProcessor extends ActionService } Query query = null; + try { + // Using the request for the base URL exposes information about the host, + // and the host may be behind a firewall, with the request going to a proxy/gateway. + // The request URL is not the firewall public host name. + + String requestBase = QueryParseBase; + // BAD: base = action.getRequest().getRequestURL().toString(); + // NB syntax is ARQ (a superset of SPARQL) - query = QueryFactory.create(queryString, QueryParseBase, Syntax.syntaxARQ); + query = QueryFactory.create(queryString, requestBase, Syntax.syntaxARQ); queryStringLog = formatForLog(query); validateQuery(action, query); } catch (ActionErrorException ex) { diff --git a/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQL_Update.java b/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQL_Update.java index ddf594a36c..59b5ae5213 100644 --- a/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQL_Update.java +++ b/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQL_Update.java @@ -66,7 +66,7 @@ import org.apache.jena.web.HttpSC; public class SPARQL_Update extends ActionService { - // Base URI used to isolate parsing from the current directory of the server. + // Base URI used to isolate parsing from the current host name private static final String UpdateParseBase = Fuseki.BaseParserSPARQL; private static final IRIxResolver resolver = IRIxResolver.create() .base(UpdateParseBase) @@ -213,9 +213,17 @@ public class SPARQL_Update extends ActionService // If it isn't, we need to read the entire update request before performing any updates, because // we have to attempt to make the request atomic in the face of malformed updates. UpdateRequest req = null; + + // Using the request for the base URL exposes information about the host, + // and the host may be behind a firewall, with the request going to a proxy/gateway. + // The request URL is not the firewall public host name. + + String requestBase = UpdateParseBase; + // BAD: base = action.getRequest().getRequestURL().toString(); + if (!action.isTransactional()) { try { - req = UpdateFactory.read(usingList, input, UpdateParseBase, Syntax.syntaxARQ); + req = UpdateFactory.read(usingList, input, requestBase, Syntax.syntaxARQ); } catch (UpdateException ex) { ServletOps.errorBadRequest(ex.getMessage()); return; } catch (QueryParseException ex) { ServletOps.errorBadRequest(messageForException(ex)); return; } @@ -224,7 +232,7 @@ public class SPARQL_Update extends ActionService action.beginWrite(); try { if (req == null ) - UpdateAction.parseExecute(usingList, action.getActiveDSG(), input, UpdateParseBase, Syntax.syntaxARQ); + UpdateAction.parseExecute(usingList, action.getActiveDSG(), input, requestBase, Syntax.syntaxARQ); else UpdateAction.execute(req, action.getActiveDSG()); action.commit();
