Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-19167

Make XWiki URIs compatible with Servlet 6 specifications

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 13.10-rc-1
    • None
    • None
    • Unknown

    Description

      Application servers like Jetty and Tomcat started forbidding some special character in the URIs path for a while (leading us to find configuration for them) but the servlet 6 specifications actually made those protections (and more) official. It also made it much more complex to configure Jetty and Tomcat to allow those characters…

      Here are more details on what exactly is forbidden in the specification: https://github.com/jakartaee/servlet/blob/6.0.0-RELEASE/spec/src/main/asciidoc/servlet-spec-body.adoc#352-uri-path-canonicalization.

      So if we want to be good Servlet citizen we need to stop having this kind of URI.

      There are two ways:

      • pass those characters through URL parameters instead of path
      • forbid those characters on XWiki side too

      There is no central place we can easily fix to fix everything, many totally different features in XWiki (and in Contrib extensions) have their own format of URL.

      The goal of this issue is to aggregate all those specific features which need to be fixed to have an idea of where we stand in general on this subject:

      • legacy actions (/bin/<action>/) entities URLs
      • /rest/ resources URLs
        • entities rest resources
        • job rest resources
        • TODO: list missing types of REST resources
      • resource reference handlers
        • TODO: list missing types of resource handlers

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              vmassol Vincent Massol
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: