I perform an HTTP DELETE request from JavaScript to a Java web app. The web app uses Jersey to dispatch URLs. Tricky thing is, I'm using a path parameter that contains a forward slash (e.g. "XX/6666"). When I run in Jetty (Maven plugin) it works fine, but when I run on my production server (Tomcat) it does not, i.e. I get a 404.
The forward slash is escaped using %2F so my request URL looks something like
DELETE http://.../4776/shipmentOrders/XX%2F6666
Is this allowed in the HTTP specs, and is it possible Jetty and Tomcat interpret these differently?
Tomcat (in versions 5, 6 and 7 I believe) purposefully prevents the usage of %2f in the path to prevent directory traversal attacks. You can allegedly turn this protection OFF by setting org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true. I've not personally tested this, but see others on the net claiming it resolved this for them. Note, however, that web servers in front of Tomcat may also intercept and rewrite the URL, automatically decoding %2f to the forward slash.
Reference: http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html
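The difference between treating %2F as data and treating it as a path separator, shown as an added JavaScript example that is not part of the original question or answer. The route matcher and all function names are hypothetical, and the inputs are constructed from the URL in the question.

```javascript
// Added example with constructed inputs; not code from Tomcat, Jetty or Jersey.

// Client side: encode each value as ONE path segment, so "/" becomes "%2F".
function buildPath(accountId, orderId) {
  return "/" + [accountId, "shipmentOrders", orderId]
    .map(encodeURIComponent)
    .join("/");
}

// Split on the literal "/" first, then percent-decode each segment.
// "%2F" stays inside its segment and is only data.
// (Empty segments are dropped here to keep the example short.)
function splitThenDecode(path) {
  return path.split("/").filter(Boolean).map(decodeURIComponent);
}

// Decode the whole path first, then split. This is the effect of a front-end
// server that rewrites %2F to "/" before the application sees the URL.
function decodeThenSplit(path) {
  return decodeURIComponent(path).split("/").filter(Boolean);
}

// Hypothetical matcher for the route /{account}/shipmentOrders/{id}.
function matchRoute(segments) {
  if (segments.length !== 3 || segments[1] !== "shipmentOrders") return null;
  return { account: segments[0], id: segments[2] };
}

// Check to apply before a decoded segment is ever used as a file name:
// reject anything that could change directory once decoded.
function safeForFilesystem(segment) {
  return segment !== "." && segment !== ".." &&
    !segment.includes("/") && !segment.includes("\\") &&
    !segment.includes("\0");
}

const demoPath = buildPath("4776", "XX/6666");
console.log(demoPath);
console.log(matchRoute(splitThenDecode(demoPath))); // route matches, id keeps its slash
console.log(matchRoute(decodeThenSplit(demoPath))); // extra segment, no route: a 404
console.log(safeForFilesystem("XX/6666"));          // not usable as a file name
```

The second result is the failure mode the answer warns about for servers in front of Tomcat, and the last check is the reason a decoded slash is treated as a traversal risk when path values reach the filesystem.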