Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-14535

Using Tomcat's xxx#xwiki WAR format generates some invalid %2F characters

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 8.4.5
    • Fix Version/s: None
    • Component/s: URLs
    • Labels:
    • Environment:
      CentOS 7, Tomcat 7.0.69-11.el7_3, all 64bit
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      Hi there

      I use an sub url to access the xwiki. In this example /cr/ns/xwiki.
      To enable this, I renamed the war file:

      cr#ns#xwiki
      cr#ns#xwiki.war

      The trouble with this is, that the url's generated for some of the components (css in this case) are escaped with %2F:

      10.255.255.35 - - [16/Jul/2017:17:09:06 +0200] "GET /cr/ns/xwiki/bin/jsx/Panels/Applications?language=en&docVersion=1.1 HTTP/1.1" 200 1159
      10.255.255.35 - - [16/Jul/2017:17:09:06 +0200] "GET /cr/ns/xwiki/resources/js/xwiki/compatibility.js HTTP/1.1" 304 -
      10.255.255.35 - - [16/Jul/2017:17:09:06 +0200] "GET /cr/ns/xwiki/bin/jsx/AnnotationCode/Script?language=en&docVersion=1.1 HTTP/1.1" 200 24397
      10.255.255.35 - - [16/Jul/2017:17:09:06 +0200] "GET /cr/ns/xwiki/resources/js/xwiki/markerScript.js HTTP/1.1" 304 -
      10.255.255.35 - - [16/Jul/2017:17:09:06 +0200] "GET /cr/ns/xwiki/bin/ssx/IconThemes/FontAwesome?language=en&docVersion=1.1 HTTP/1.1" 200 22205
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr/ns/xwiki/skins/flamingo/logo.svg HTTP/1.1" 304 -
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr/ns/xwiki/bin/skin/resources/icons/xwiki/noavatar.png HTTP/1.1" 200 1362
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr%2Fns%2Fxwiki/webjars/wiki%3Axwiki/bootstrap/3.3.7-1/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1" 400 -
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr/ns/xwiki/resources/icons/xwiki/external-link.png HTTP/1.1" 304 -
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr%2Fns%2Fxwiki/webjars/wiki%3Axwiki/font-awesome/4.2.0/fonts/fontawesome-webfont.woff HTTP/1.1" 400 -
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr/ns/xwiki/resources/icons/xwiki/spinner.gif HTTP/1.1" 304 -
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "POST /cr/ns/xwiki/bin/view/Main/undefined?xpage=xpart&vm=commentsinline.vm HTTP/1.1" 200 147
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr%2Fns%2Fxwiki/webjars/wiki%3Axwiki/bootstrap/3.3.7-1/fonts/glyphicons-halflings-regular.woff HTTP/1.1" 400 -
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr%2Fns%2Fxwiki/webjars/wiki%3Axwiki/font-awesome/4.2.0/fonts/fontawesome-webfont.ttf HTTP/1.1" 400 -
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr%2Fns%2Fxwiki/webjars/wiki%3Axwiki/bootstrap/3.3.7-1/fonts/glyphicons-halflings-regular.ttf HTTP/1.1" 400 -
      10.255.255.35 - - [16/Jul/2017:17:09:07 +0200] "GET /cr%2Fns%2Fxwiki/webjars/wiki%3Axwiki/bootstrap/3.3.7-1/fonts/glyphicons-halflings-regular.eot HTTP/1.1" 400 -
      10.255.255.35 - - [16/Jul/2017:17:09:45 +0200] "GET /cr%2Fns%2Fxwiki/webjars/wiki%3Axwiki/drawer/2.4.0/css/drawer.min.css HTTP/1.1" 400 -
      10.255.255.35 - - [16/Jul/2017:17:09:50 +0200] "GET /cr%2Fns%2Fxwiki/webjars/wiki%3Axwiki/drawer/2.4.0/css/ HTTP/1.1" 400 -
      10.255.255.35 - - [16/Jul/2017:17:09:55 +0200] "GET /cr%2Fns%2Fxwiki/webjars/wiki%3Axwiki/ HTTP/1.1" 400 -
      

      Unfortunately, Apache and Tomcat deny such URL's by default for security reasons. For now, I use a Apache reverse proxy to access the test installation with "AllowEncodedSlashes On" to work around the issue.

      But I assume this should not happen ...

      Best regards

      Beat

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              bbu@netsuccess.ch Beat Burgener
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Date of First Response: