> On Jun 4, 2024, at 06:07, Christopher Schultz <[email protected]>
> wrote:
<snip/>
>> 04-Jun-2024 09:49:11.448 INFO [http-nio-8080-exec-6]
>> org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request
>> header
>> Note: further occurrences of HTTP request parsing errors will be logged at
>> DEBUG level.
>> java.lang.IllegalArgumentException: Invalid character found in the
>> request target [/sra_{xxxxxxx0-DDDD-3333-yyyyyyyyyyyyyy}/ ]. The valid
>> characters are defined in RFC 7230 and RFC 3986
>
> The problem is the { and } characters.
>
> My reading of RFC 7230 is that { and } /should/ be allowed, but Tomcat's code
> rejects them by default.
I think it depends on which part of RFC 3986 one looks at. Appendix A should
have the precise URI syntax, where the reserved and unreserved sets are defined
as follows:
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
reserved = gen-delims / sub-delims
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
Some ASCII characters, notably braces, are simply left out of either set here.
However, section 2.3 declares:
Characters that are allowed in a URI but do not have a reserved
purpose are called unreserved. These include uppercase and lowercase
letters, decimal digits, hyphen, period, underscore, and tilde.
The use of “include” would seem to imply “not limited to”, but that’s not
explicitly stated here.
Nothing like a little ambiguity to keep things interesting…
- Chuck
> You can override this behavior by using the relaxedPathChars configuration
> attribute on your <Connector>[1].
>
> -chris
>
> [1] https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
