Failing If-None-Match header in DefaultServlet Tomcat 9.0.41

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Failing If-None-Match header in DefaultServlet Tomcat 9.0.41

Oliver Erdmann
Hi!
Having a http request with If-None-Match header returns "400 Bad Request" with Tomcat 9.0.41

The header is e.g.
If-None-Match: "bfc13a64729c4290ef5b2c2730249c88ca92d82d"
(by the spec with quotes! [1])

But the request.getHeader() in the DefaultServlet returns the string without the quotes,
then EntityTag.compareEntityTag() rejects it as of the missing double quotes.

This is not the case in Tomcat 9.0.37 - there it is ok not to have the double quotes.

- I searched for, but did not find anything in the servlet spec to remove the quotes in the header values - any hints?
- I looked at the source code of tomcat, but this is a complex part of it - I did not find the place where the quotes from the headers are removed - any hints?

Thanks in advance,
Oliver


[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Failing If-None-Match header in DefaultServlet Tomcat 9.0.41 [SOLVED]

Oliver Erdmann

Hi!
 
Sorry for bothering, the failure is not inside Tomcat, but in my webapp.
 
I overlooked a filter, which happens to be my XSS filter, which removes quotes (besides <, >, etc.) from request parameters and header values.
 

Stay healthy,
Oliver
 
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]