I opened an issue in CometD about a NPE in their code: https://github.com/cometd/cometd/issues/791 According to the supporter of CometD, this is actually an issue with Tomcat: https://github.com/cometd/cometd/issues/791#issuecomment-422322833 He's saying that "request.getRequestURI()" should return an absolute URI in order to be able to get the schema as there is no other API for that. Please check the link for his exact words. I could probably come up with a reproduction project if one is needed.
Similar to https://github.com/eclipse-ee4j/websocket-api/issues/228 On balance the full, undecoded, unnormalized URI including query string looks to the the right thing to return.
But then actually using this sort of input is highly risky :(
Indeed. However, it isn't that different from the current behaviour which only differs in that the scheme, host and port aren't present. The risky part (the undecoded, unnormalized path) is the same.
Fixed in: 9.0.x for 9.0.13 onwards 8.5.x for 8.5.35 onwards 7.0.x for 7.0.92 onwards