Re: [jetty-dev] Forbidden URLs are too restrictive in Jetty

Ok. Thanks for opening the bug. I'll follow that.


On Sat, Sep 14, 2013 at 4:17 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
Seems like a bug.

The servlet spec leads on our project will take a closer look at it.


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from the Jetty & CometD experts


On Sat, Sep 14, 2013 at 5:10 AM, Arend v. Reinersdorff <arend@xxxxxxxxxxx> wrote:
Hi,

Background:
Most Servlet containers forbid mapping Servlets or Filters to META-INF and WEB-INF paths:
<applicationContext>/META-INF
<applicationContext>/META-INF/*
<applicationContext>/WEB-INF
<applicationContext>/WEB-INF/*
(all URLs case insensitive)


Problem:
Jetty is more restrictive and forbids any URL starting with META-INF or WEB-INF:
<applicationContext>/META-INF*
<applicationContext>/WEB-INF*

Example URLs that Tomcat allows but Jetty forbids:
<applicationContext>/META-INFX/index.html
<applicationContext>/META-INF.HTML


I see no reason why Jetty is more restrictive than Tomcat in this case.

Regards,
Arend


_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-dev
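
The difference between the two rules described in the thread, as an added example that is not part of the original messages and is not Jetty's or Tomcat's code. The class and method names are hypothetical, and the paths are assumed to be relative to the application context and already URL-decoded and normalized by the container.

```java
import java.util.List;
import java.util.Locale;

// Added illustration, not Jetty source: class and method names are hypothetical.
public class ProtectedTargetCheck {
    // Protected directories named in the thread, relative to the application context.
    private static final List<String> PROTECTED = List.of("/web-inf", "/meta-inf");

    // Prefix rule described under "Problem": anything starting with the name is refused.
    static boolean prefixMatch(String path) {
        String p = path.toLowerCase(Locale.ROOT);
        return PROTECTED.stream().anyMatch(p::startsWith);
    }

    // Segment rule described under "Background": refuse only the directory itself
    // or something below it, so the name must end at the string end or at '/'.
    static boolean segmentMatch(String path) {
        String p = path.toLowerCase(Locale.ROOT);
        for (String target : PROTECTED) {
            if (p.startsWith(target)
                    && (p.length() == target.length() || p.charAt(target.length()) == '/')) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample paths; the last two are the example URLs from the thread.
        String[] samples = {
            "/WEB-INF", "/web-inf/web.xml", "/META-INF/MANIFEST.MF",
            "/META-INFX/index.html", "/META-INF.HTML"
        };
        for (String s : samples) {
            System.out.printf("%-24s prefix=%-5b segment=%b%n",
                    s, prefixMatch(s), segmentMatch(s));
        }
    }
}
```

The first three paths are refused by both rules; the last two are refused only by the prefix rule, although neither lies inside a protected directory.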