Bug 62731 - HandshakeRequest has a relative URL
Summary: HandshakeRequest has a relative URL
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 9.0.12
Hardware: PC Linux
: P2 major (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2018-09-18 09:50 UTC by Boris Petrov
Modified: 2018-09-28 00:50 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Boris Petrov 2018-09-18 09:50:36 UTC
I opened an issue in CometD about a NPE in their code:


According to the supporter of CometD, this is actually an issue with Tomcat:


He's saying that "request.getRequestURI()" should return an absolute URI in order to be able to get the schema as there is no other API for that. Please check the link for his exact words.

I could probably come up with a reproduction project if one is needed.
Comment 1 Mark Thomas 2018-09-18 10:38:05 UTC
Similar to https://github.com/eclipse-ee4j/websocket-api/issues/228

On balance the full, undecoded, unnormalized URI including query string looks to the the right thing to return.
Comment 2 Remy Maucherat 2018-09-18 13:07:03 UTC
But then actually using this sort of input is highly risky :(
Comment 3 Mark Thomas 2018-09-21 13:15:50 UTC
Indeed. However, it isn't that different from the current behaviour which only differs in that the scheme, host and port aren't present. The risky part (the undecoded, unnormalized path) is the same.
Comment 4 Mark Thomas 2018-09-28 00:50:02 UTC
Fixed in:
9.0.x for 9.0.13 onwards
8.5.x for 8.5.35 onwards
7.0.x for 7.0.92 onwards