spray routing confused by double-slash?
185 views
Skip to first unread message
Jan Niehusmann
Jan 7, 2013, 10:00:24 AM1/7/13
to spray...@googlegroups.com
Hello,
while playing around with spray and spray-routing I noticed the
following, which seems wrong to me (but I may well be missing
something):
Having the following app derived from the simple example:
object Main extends App with SimpleRoutingApp {
startServer(interface = "localhost", port = 8080) {
path("") {
get {
complete {
<h1>What?!</h1>
}
}
}
}
}
If I understand the routing code correctly, this should
match "http://localhost/" and "http://localhost", but not
"http://localhost/<whatever>".
However, if I enter "http://localhost//xyz" into the browser, the path
matches and I get "What?!" as a result.
A hint to the cause of that behaviour is given when accessing
"http://localhost:8080//" -> Illegal URI: Expected authority at index 2: //
So it seems that the path part of the URI (without method and authority
parts) is again parsed as a full URI, which leads to unexpected behaviour
if the path begins with a double slash: The first path element is
considered to be the 'authority' part of the URI, and is completely
ignored.
I guess this happens in spray.http.HttpRequest.parseUri.
As such a URL with a path starting with a double-slash is probably
invalid anyhow (but I didn't check the RFCs, so I may be wrong), it
would probably ok to just fail in that case. Silently ignoring the
first path component doesn't look correct to me.
Regards,
Jan
while playing around with spray and spray-routing I noticed the
following, which seems wrong to me (but I may well be missing
something):
Having the following app derived from the simple example:
object Main extends App with SimpleRoutingApp {
startServer(interface = "localhost", port = 8080) {
path("") {
get {
complete {
<h1>What?!</h1>
}
}
}
}
}
If I understand the routing code correctly, this should
match "http://localhost/" and "http://localhost", but not
"http://localhost/<whatever>".
However, if I enter "http://localhost//xyz" into the browser, the path
matches and I get "What?!" as a result.
A hint to the cause of that behaviour is given when accessing
"http://localhost:8080//" -> Illegal URI: Expected authority at index 2: //
So it seems that the path part of the URI (without method and authority
parts) is again parsed as a full URI, which leads to unexpected behaviour
if the path begins with a double slash: The first path element is
considered to be the 'authority' part of the URI, and is completely
ignored.
I guess this happens in spray.http.HttpRequest.parseUri.
As such a URL with a path starting with a double-slash is probably
invalid anyhow (but I didn't check the RFCs, so I may be wrong), it
would probably ok to just fail in that case. Silently ignoring the
first path component doesn't look correct to me.
Regards,
Jan
Mathias
Jan 7, 2013, 5:17:41 PM1/7/13
to spray...@googlegroups.com
Jan,
yes, the current behavior for such URIs is incorrect.
Currently we still rely on the java.net.URI parsing the request uri, which has already created a number of problems in the past.
This bug will probably be the one to finally trigger the replacement of java.net.URI with a custom URI parser, something that we wanted to do for some time already.
I have created an issue for this:
https://github.com/spray/spray/issues/185
Thanks for reporting!!
Much appreciated.
Cheers,
Mathias
---
mat...@spray.io
http://spray.io
> --
>
>
yes, the current behavior for such URIs is incorrect.
Currently we still rely on the java.net.URI parsing the request uri, which has already created a number of problems in the past.
This bug will probably be the one to finally trigger the replacement of java.net.URI with a custom URI parser, something that we wanted to do for some time already.
I have created an issue for this:
https://github.com/spray/spray/issues/185
Thanks for reporting!!
Much appreciated.
Cheers,
Mathias
---
mat...@spray.io
http://spray.io
>
>
Reply all
Reply to author
Forward
0 new messages