[UNDERTOW-2374] Move the check for allowUnescapedCharactersInUrl to o…

…utside path verification loop the loop in Http2ReceiveListener.checkRequestHeaders Signed-off-by: Flavia Rainone <frainone@redhat.com>
undertow-io · Apr 18, 2024 · 9d79fc9 · 9d79fc9
1 parent ddb4aee
commit 9d79fc9
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/core/src/main/java/io/undertow/server/protocol/http2/Http2ReceiveListener.java b/core/src/main/java/io/undertow/server/protocol/http2/Http2ReceiveListener.java
@@ -322,9 +322,9 @@ private boolean checkRequestHeaders(HeaderMap headers) {
         }
 
         // verify content of request pseudo-headers. Each header should only have a single value.
-        if (headers.contains(PATH)) {
+        if (headers.contains(PATH) && !allowUnescapedCharactersInUrl) {
             for (byte b: headers.get(PATH).getFirst().getBytes(ISO_8859_1)) {
-                if (!allowUnescapedCharactersInUrl && !HttpRequestParser.isTargetCharacterAllowed((char)b)){
+                if (!HttpRequestParser.isTargetCharacterAllowed((char)b)){
                     return false;
                 }
             }