Re: Request dispatcher decoding and normalization

2025-01-22 Thread Rémy Maucherat
On Wed, Jan 22, 2025 at 3:11 PM Mark Thomas wrote: > > As a result of a user request, I am looking at Tomcat's handling of %2f > (encoded '/') and %5c (encoded '\'). > > I have already added a new attribute (encodedReverseSolidusHandling) to > the Connector to align options for %5c handling with o

Re: Request-ID added to mod_jk log

2022-06-23 Thread Rainer Jung
Hi all, first a short reminder: I added logging of a request id to the mod_jk log to ease correlation with other Apache logs, like the access log. It was motivated by a discussion with Chris, although the end result wasn't exactly what he liked most. After thinking more about the feature I c

Re: Request for documentation improvement: changelog UI

2020-09-10 Thread Tim Funk
I think this will do it ... The CSS .sticky { position: fixed; top: 0; right: 20px; left: 210px; margin-top: 0; } And you'll need an event listener ... document.addEventListener( 'scroll', function(){ var h3s = document.getElementById('content').getElementsByTagName('h

Re: Request line parsing

2020-03-23 Thread Filip Hanik
+1 Thorough and clear write up On Mon, Mar 23, 2020 at 06:01 Mark Thomas wrote: > Hi, > > I am currently looking at the request line parsing. I'll try and set out > each issue in turn. > > End of line parsing > === > > Prior to the recent changes, Tomcat allowed CRLF or LF to ma

Re: Request line parsing

2020-03-23 Thread Mark Thomas
On 23/03/2020 17:33, Christopher Schultz wrote: > On 3/23/20 11:35, Mark Thomas wrote: > Sounds good. I entirely missed your actual proposal, which was below > your signature and after your references: Sorry about that. I was editing and re-organising and got distracted. Mark

Re: Request line parsing

2020-03-23 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 3/23/20 11:35, Mark Thomas wrote: > On 23/03/2020 14:59, Christopher Schultz wrote: > > > >> My only concern here is that request line + header-processing >> really has to match whatever reverse proxy servers are doing as >> well, and that

Re: Request line parsing

2020-03-23 Thread Mark Thomas
On 23/03/2020 13:28, Rémy Maucherat wrote: > On Mon, Mar 23, 2020 at 2:01 PM Mark Thomas > wrote: > With all of the above in mind I propose: > > - Doing nothing! I think Tomcat is striking the right balance here. > > This means: > GET /CRLF   -> proces

Re: Request line parsing

2020-03-23 Thread Mark Thomas
On 23/03/2020 14:59, Christopher Schultz wrote: > My only concern here is that request line + header-processing really > has to match whatever reverse proxy servers are doing as well, and > that's really not something we can know for sure. I don't think there > is a single safe implementation th

Re: Request line parsing

2020-03-23 Thread Michael Osipov
Am 2020-03-23 um 14:01 schrieb Mark Thomas: Hi, I am currently looking at the request line parsing. I'll try and set out each issue in turn. End of line parsing === Prior to the recent changes, Tomcat allowed CRLF or LF to mark the end of a line. The unwanted side effect was th

Re: Request line parsing

2020-03-23 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 3/23/20 09:01, Mark Thomas wrote: > Hi, > > I am currently looking at the request line parsing. I'll try and > set out each issue in turn. > > End of line parsing === > > Prior to the recent changes, Tomcat allowed CRLF or L

Re: Request line parsing

2020-03-23 Thread Rémy Maucherat
On Mon, Mar 23, 2020 at 2:01 PM Mark Thomas wrote: > Hi, > > I am currently looking at the request line parsing. I'll try and set out > each issue in turn. > > End of line parsing > === > > Prior to the recent changes, Tomcat allowed CRLF or LF to mark the end > of a line. The unw

Re: Request for comment on BZ 59750 (authentication listener)

2018-03-29 Thread Christopher Schultz
Mark, On 3/29/18 4:11 PM, Mark Thomas wrote: > On 29/03/18 19:07, Christopher Schultz wrote: >> Rémy, >> >> On 3/29/18 11:41 AM, Rémy Maucherat wrote: >>> On Thu, Mar 29, 2018 at 3:48 PM, Christopher Schultz < >>> ch...@christopherschultz.net> wrote: >>> All, For reference: https://

Re: Request for comment on BZ 59750 (authentication listener)

2018-03-29 Thread Mark Thomas
On 29/03/18 19:07, Christopher Schultz wrote: > Rémy, > > On 3/29/18 11:41 AM, Rémy Maucherat wrote: >> On Thu, Mar 29, 2018 at 3:48 PM, Christopher Schultz < >> ch...@christopherschultz.net> wrote: >> >>> All, >>> >>> For reference: https://bz.apache.org/bugzilla/show_bug.cgi?id=59750 >>> >>> I'v

Re: Request for comment on BZ 59750 (authentication listener)

2018-03-29 Thread Christopher Schultz
Rémy, On 3/29/18 11:41 AM, Rémy Maucherat wrote: > On Thu, Mar 29, 2018 at 3:48 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> All, >> >> For reference: https://bz.apache.org/bugzilla/show_bug.cgi?id=59750 >> >> I've got a proposal (in patch form) attached to that BZ issue.

Re: Request for comment on BZ 59750 (authentication listener)

2018-03-29 Thread Coty Sutherland
On Thu, Mar 29, 2018 at 11:41 AM, Rémy Maucherat wrote: > On Thu, Mar 29, 2018 at 3:48 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> All, >> >> For reference: https://bz.apache.org/bugzilla/show_bug.cgi?id=59750 >> >> I've got a proposal (in patch form) attached to that BZ

Re: Request for comment on BZ 59750 (authentication listener)

2018-03-29 Thread Rémy Maucherat
On Thu, Mar 29, 2018 at 3:48 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > All, > > For reference: https://bz.apache.org/bugzilla/show_bug.cgi?id=59750 > > I've got a proposal (in patch form) attached to that BZ issue. > > Ralf's enhancement request is fairly terse, but this is

Re: Request for Wiki karma

2016-07-24 Thread Konstantin Kolinko
2016-07-22 21:13 GMT+03:00 Greg Trasuk : > > I’d like to add my employer into the wiki listings for Support and Training > at http://wiki.apache.org/tomcat/SupportAndTraining. Could someone add me > into the Contributors Group? > > I created an account on the Tomcat Wiki. My user name is GregTr

Re: Request for Wiki karma

2016-07-24 Thread Konstantin Kolinko
2016-07-24 13:35 GMT+03:00 Felix Schumacher : > > Please add my id FelixSchumacher to the admin group, so that I could > accomplish such tasks in the future. Done. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For

Re: Request

2016-02-01 Thread Roel Storms
Dear Konstantin, I am indeed talking about org.apache.catalina.connector.Request. HttpServletRequest is an interface that we expose to Servlets. However there is no interface that exposes everything necessary for Tomcat to work. Therefor Tomcat is using the Request class as the type of the paramet

Re: Request

2016-01-31 Thread Konstantin Kolinko
2016-01-31 13:30 GMT+03:00 Roel Storms : > Dear Tomcat Devs, > > I was wondering why Request is used all over Tomcat as a class and why we > didn't abstract a Request interface and implemented a StandardRequest as is > done by a lot of other components like Session->StandardSession; > Manager->Stan

Re: Request parameters in HandshakeRequest

2014-01-29 Thread Martin Grigorov
On Wed, Jan 29, 2014 at 1:06 PM, Mark Thomas wrote: > On 29/01/2014 11:44, Martin Grigorov wrote: > > Hi, > > > > Apologies in advance if this is for users@. > > > > Should javax.websocket.server.HandshakeRequest#getParameterMap() contain > > the parameters from the query string ? > > It should.

Re: Request parameters in HandshakeRequest

2014-01-29 Thread Mark Thomas
On 29/01/2014 11:44, Martin Grigorov wrote: > Hi, > > Apologies in advance if this is for users@. > > Should javax.websocket.server.HandshakeRequest#getParameterMap() contain > the parameters from the query string ? It should. > There is javax.websocket.server.HandshakeRequest#getQueryString()

Re: Request for wiki update permission

2013-05-31 Thread Mark Thomas
On 31/05/2013 17:32, Brian Burch wrote: > I have just registered a wiki name of BrianBurch. Could I please be > given permission to update the tomcat wiki? (I need to bring the page on > NetBeans support up to date with http://svn.apache.org/r1484409) Done. Mark

Re: Request for JAASRealm enhancement

2012-08-24 Thread Konstantin Kolinko
2012/8/24 Enrico Olivelli : > Hi, > I was trying to use JAASRealm and I noticed that it is possibile to bundle > my LoginModule with the webapp (useContextClassLoader) but it is not > possibile to bundle a login.properties files > > // this constructor uses default JVM JAAS Configuration > // from

Re: Request logging with async examples

2010-10-21 Thread Mark Thomas
On 21/10/2010 01:09, Jeremy Boynes wrote: > When I run the async1 example in trunk, the request gets logged twice in the > access log: > 0:0:0:0:0:0:0:1%0 - - [20/Oct/2010:21:32:39 -0700] "GET > /examples/async/async1 HTTP/1.1" 200 - > 0:0:0:0:0:0:0:1%0 - - [20/Oct/2010:21:32:42 -0700] "GET > /e

Re: Request parameters straight after authentication

2006-02-15 Thread Kevin McCormack
Hi Mark, On 13/02/06, Mark Thomas <[EMAIL PROTECTED]> wrote: > Kevin McCormack wrote: > > Possible Fix? > > == > > I looked through the Tomcat 5.5.12 source code and ended up in the > > org.apache.catalina.authentication.FormAuthenticator class and noticed > > that there is no code there t

Re: Request parameters straight after authentication

2006-02-13 Thread Mark Thomas
Kevin McCormack wrote: > Possible Fix? > == > I looked through the Tomcat 5.5.12 source code and ended up in the > org.apache.catalina.authentication.FormAuthenticator class and noticed > that there is no code there to save the request parameters from the > original request into the saved r