NihalJain commented on code in PR #6783:
URL: https://github.com/apache/hbase/pull/6783#discussion_r2028495650
##########
hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java:
##########
@@ -287,6 +293,16 @@ public synchronized void run() throws Exception {
httpConfig.setSendServerVersion(false);
httpConfig.setSendDateHeader(false);
+ // In Jetty 12, ambiguous path separators, suspicious path characters, and
ambiguous empty
+ // segments are considered violations of the URI specification and hence
are not allowed.
+ // Refer to
https://github.com/jetty/jetty.project/issues/11890#issuecomment-2156449534
+ // We must set a URI compliance to allow for this violation so that client
requests are not
+ // automatically rejected. Our rest endpoints rely on this behavior to
handle encoded uri paths.
+ // Optionally, we can decide to not set this compliance rules, but may
break existing clients.
+ if (conf.getBoolean(HTTP_SET_URI_COMPLIANCE,
HTTP_SET_URI_COMPLIANCE_DEFAULT)) {
Review Comment:
Also updated to allow for disabling setting compliance rules. But should we
even keep this, given it will break use cases?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
