Introduce UriCompliance.Violation.FRAGMENT
to reject HTTP Request Line that includes fragment section.
#11579
Labels
Bug
For general bugs on Jetty side
Specification
For all industry Specifications (IETF / Servlet / etc)
Jetty version(s)
12.0.7
Jetty Environment
All
Java version/vendor
(use: java -version)
All
OS type/version
All
Description
While working PR #11496 the idea of not allowing FRAGMENT section in a Request Line was introduced.
It is good idea that seems to follow the HTTP spec.
Location
response header can contain a fragment indicatorIf we do this, we should be careful how we do it, and allow a configurable UriCompliance mode to configure the behavior.
See original commit (reverted in PR #11496):
fed10f7
The text was updated successfully, but these errors were encountered: