This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 2f65f1f967 Use a 400 response for bad requests rather than a 500
response
2f65f1f967 is described below
commit 2f65f1f9671ad17515ffe44c7d595971a4d774b6
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Nov 8 15:09:44 2023 +0000
Use a 400 response for bad requests rather than a 500 response
---
java/org/apache/catalina/core/StandardWrapperValve.java | 9 ++++++++-
test/org/apache/coyote/http2/TestHttp2UpgradeHandler.java | 4 ++--
webapps/docs/changelog.xml | 4 ++++
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/core/StandardWrapperValve.java
b/java/org/apache/catalina/core/StandardWrapperValve.java
index e48376e6c6..4106ba9a5c 100644
--- a/java/org/apache/catalina/core/StandardWrapperValve.java
+++ b/java/org/apache/catalina/core/StandardWrapperValve.java
@@ -170,7 +170,14 @@ final class StandardWrapperValve extends ValveBase {
}
}
- } catch (BadRequestException | CloseNowException e) {
+ } catch (BadRequestException e) {
+ if (container.getLogger().isDebugEnabled()) {
+ container.getLogger().debug(
+ sm.getString("standardWrapper.serviceException",
wrapper.getName(), context.getName()), e);
+ }
+ throwable = e;
+ exception(request, response, e,
HttpServletResponse.SC_BAD_REQUEST);
+ } catch (CloseNowException e) {
if (container.getLogger().isDebugEnabled()) {
container.getLogger().debug(
sm.getString("standardWrapper.serviceException",
wrapper.getName(), context.getName()), e);
diff --git a/test/org/apache/coyote/http2/TestHttp2UpgradeHandler.java
b/test/org/apache/coyote/http2/TestHttp2UpgradeHandler.java
index da7f9da4c3..6f4e91a926 100644
--- a/test/org/apache/coyote/http2/TestHttp2UpgradeHandler.java
+++ b/test/org/apache/coyote/http2/TestHttp2UpgradeHandler.java
@@ -201,10 +201,10 @@ public class TestHttp2UpgradeHandler extends
Http2TestBase {
buildPostRequest(frameHeader, headersPayload, false,
dataFrameHeader, dataFramePayload, null, stream);
writeFrame(frameHeader, headersPayload);
- // 500 response (triggered by IOException trying to read body that
never arrived)
+ // 400 response (triggered by IOException trying to read body that
never arrived)
parser.readFrame();
Assert.assertTrue(output.getTrace(),
- output.getTrace().startsWith(stream + "-HeadersStart\n" +
stream + "-Header-[:status]-[500]\n"));
+ output.getTrace().startsWith(stream + "-HeadersStart\n" +
stream + "-Header-[:status]-[400]\n"));
output.clearTrace();
// reset frame
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6c4c2c5835..50da965004 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -145,6 +145,10 @@
<code>ApplicationHttpRequest</code> and
<code>ApplicationRequest</code>.
(markt)
</fix>
+ <fix>
+ Use a 400 status code to report an error due to a bad request (e.g. an
+ invalid trailer header) rather than a 500 status code. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
