Summary: | Http Post requests not handled correctly if there is more than one space between the "POST" and the URL | ||
---|---|---|---|
Product: | Tomcat 5 | Reporter: | Dick Salisbury <dsalisbury> |
Component: | Connector:Coyote | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P3 | ||
Version: | 5.5.20 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Windows XP |
Description
Dick Salisbury
2007-06-26 16:57:13 UTC
According to the HTTP spec there is one space character between the method and the URL - i.e. your request is invalid HTTP. http://tools.ietf.org/html/rfc1945#page-23 This ticket should probably be marked INVALID, but the error response doesn't look appropriate - the response should probably be a 400 Bad Request. (In reply to comment #1) > According to the HTTP spec there is one space character between the method and > the URL - i.e. your request is invalid HTTP. > http://tools.ietf.org/html/rfc1945#page-23 > This ticket should probably be marked INVALID, but the error response doesn't > look appropriate - the response should probably be a 400 Bad Request. Thank you for pointing me in the right direction. After reading the Http spec I have to agree with you that the Http is invalid. A point could be made that the spec should be followed exactly when sending and be more forgiving when receiving, but that is another issue. I have passed the information you provided to Software AG, who is now looking into making changes to correct the Http on their end (in Natural). Thanks again! >According to the HTTP spec there is one space character between the method and >the URL - i.e. your request is invalid HTTP. >http://tools.ietf.org/html/rfc1945#page-23 >This ticket should probably be marked INVALID, but the error response doesn't >look appropriate - the response should probably be a 400 Bad Request. It is true that in the RFC the Request line is made up of single spaced elements, but if you look at appendix b (http://tools.ietf.org/html/rfc1945#page-55) it says " Clients should be tolerant in parsing the Status-Line and servers tolerant when parsing the Request-Line. In particular, they should accept any amount of SP or HT characters between fields, even though only a single SP is required. " I have same 505 error with Natural 4.2 make a post on a tomcat 5 but after analyse it, i have a different conclusion. This for me doesn't work even if we remove space : POST http://C010030S:5599/NXAServer/NextAxiomServer HTTP/1.0 Tomcat only accept this request : POST /NXAServer/NextAxiomServer HTTP/1.0 Host: C010030S:5599 I have committed a patch to trunk that makes the parsing of the request line tolerant of multiple SP and/or HT. The patch has been proposed it for 6.0.x and 5.5.x I have also tested the example given in comment #4 and cannot reproduce that issue. This patch has been applied to 6.0.x and will be in 6.0.17 onwards. This has been fixed in 5.5.x and will be included in 5.5.27 onwards. |