stoty commented on code in PR #6783:
URL: https://github.com/apache/hbase/pull/6783#discussion_r2030443517
##########
hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java:
##########
@@ -287,6 +293,16 @@ public synchronized void run() throws Exception {
httpConfig.setSendServerVersion(false);
httpConfig.setSendDateHeader(false);
+ // In Jetty 12, ambiguous path separators, suspicious path characters, and
ambiguous empty
+ // segments are considered violations of the URI specification and hence
are not allowed.
+ // Refer to
https://github.com/jetty/jetty.project/issues/11890#issuecomment-2156449534
+ // We must set a URI compliance to allow for this violation so that client
requests are not
+ // automatically rejected. Our rest endpoints rely on this behavior to
handle encoded uri paths.
+ // Optionally, we can decide to not set this compliance rules, but may
break existing clients.
+ if (conf.getBoolean(HTTP_SET_URI_COMPLIANCE,
HTTP_SET_URI_COMPLIANCE_DEFAULT)) {
Review Comment:
I would set the compliance flag uncoidionally.
I.e. preserve Jetty 8 behaviour, and not worry about it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
