Bug 62731

Summary: HandshakeRequest has a relative URL
Product: Tomcat 9 Reporter: Boris Petrov <boris_petrov>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Severity: major    
Priority: P2    
Version: 9.0.12   
Target Milestone: -----   
Hardware: PC   
OS: Linux   

Description Boris Petrov 2018-09-18 09:50:36 UTC
I opened an issue in CometD about a NPE in their code:


According to the supporter of CometD, this is actually an issue with Tomcat:


He's saying that "request.getRequestURI()" should return an absolute URI in order to be able to get the schema as there is no other API for that. Please check the link for his exact words.

I could probably come up with a reproduction project if one is needed.
Comment 1 Mark Thomas 2018-09-18 10:38:05 UTC
Similar to https://github.com/eclipse-ee4j/websocket-api/issues/228

On balance the full, undecoded, unnormalized URI including query string looks to the the right thing to return.
Comment 2 Remy Maucherat 2018-09-18 13:07:03 UTC
But then actually using this sort of input is highly risky :(
Comment 3 Mark Thomas 2018-09-21 13:15:50 UTC
Indeed. However, it isn't that different from the current behaviour which only differs in that the scheme, host and port aren't present. The risky part (the undecoded, unnormalized path) is the same.
Comment 4 Mark Thomas 2018-09-28 00:50:02 UTC
Fixed in:
9.0.x for 9.0.13 onwards
8.5.x for 8.5.35 onwards
7.0.x for 7.0.92 onwards