Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Content-Type value is unexpectedly changed by Jetty9

The issue is that Jetty avoids creating a lot of garbage by looking up such common strings in a StringTrie directly from the bytes received.

I will look at making this optional, but for your authentication mechanism I would think it is very delicate if it is relying on case insensitive fields being case sensitive.    While the servlet spec does imply that we should return the exact characters, there is nothing stopping a proxy or any other intermediary rewriting headers to semantically equivalent ones.   Indeed you may even go via a binary protocol (AJP13 or SPDY) that tokenises headers and thus also changes their case.

Is it possible for you yo make your mechanism do lower case conversions before calculating any hash values on case insensitive data?


On 31 July 2013 12:29, てらだみつるつよし <terrada3@xxxxxxxxx> wrote:

I'm in trouble about the "Content-Type" .

I used a recent version Jetty, that version is 8.1.11.v20130520. Now, I'm trying to migrate my application to version 9.0.4.v20130625.

In version 8, Content-Type value is not changed by Jetty.

set by client : application/x-www-form-urlencoded; charset=utf-8

HttpServletRequest.getHeade("Content-Type") : application/x-www-form-urlencoded; charset=utf-8

But in version 9.0.4.v20130625, "Content-Type" value is changed by Jetty.

set by client : application/x-www-form-urlencoded; charset=utf-8

HttpServletRequest.getHeade("Content-Type") : application/x-www-form-urlencoded; charset=UTF-8

A charset value is changed(utf -> UTF).

I use this value to calculate a hash value for authentication mechanism.
This changing of a Content-Type value makes difference between a value calculated in client and that in server, so authentication is failed.

I cannot  judge that this is a specification or a bug.
Have anybody tips or options to avoid this charset changing?


jetty-users mailing list

Greg Wilkins <gregw@xxxxxxxxxxx>
Developer advice and support from the Jetty & CometD experts.
Intalio, the modern way to build business applications.

Back to the top