Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change of behaviour with HttpServletResponse.sendError(0) in EE10 #12609

Closed
lachlan-roberts opened this issue Dec 4, 2024 · 3 comments · Fixed by #12643
Closed

Change of behaviour with HttpServletResponse.sendError(0) in EE10 #12609

lachlan-roberts opened this issue Dec 4, 2024 · 3 comments · Fixed by #12643
Labels
Bug For general bugs on Jetty side

Comments

@lachlan-roberts
Copy link
Contributor

Jetty version(s)
12.0.x

Jetty Environment
ee10

Description
I noticed that resp.sendError(0) has a change of behaviour in EE10 compared to EE8 and Jetty 9.4

Previously Jetty would throw IAE for status 0.
Now this will send back a 200 response with no body.

java.lang.IllegalArgumentException
        at org.eclipse.jetty.ee8.nested.Response.setStatus(Response.java:666)
        at org.eclipse.jetty.ee8.nested.HttpChannelState.sendError(HttpChannelState.java:782)
        at org.eclipse.jetty.ee8.nested.Response.sendError(Response.java:449)
        at org.eclipse.jetty.ee8.nested.Response.sendError(Response.java:422)
        at org.example.DemoServlet.service(DemoServlet.java:16)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
        at org.eclipse.jetty.ee8.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1146)
        at org.eclipse.jetty.ee8.servlet.ServletHolder.handle(ServletHolder.java:640)
@lachlan-roberts lachlan-roberts added the Bug For general bugs on Jetty side label Dec 4, 2024
@gregw
Copy link
Contributor

gregw commented Dec 4, 2024

We should probably validate that the status is 100-599 or one of the known exceptional codes (-1 for abort).

@janbartel
Copy link
Contributor

@lachlan-roberts looks like this change was deliberate: see #9955

lachlan-roberts added a commit that referenced this issue Dec 15, 2024
@lachlan-roberts
Issue #12609 - better validation for response codes in setStatus
57eb041 
Signed-off-by: Lachlan Roberts <lachlan.p.roberts@gmail.com>
@lachlan-roberts
Copy link
Contributor Author

We should probably validate that the status is 100-599 or one of the known exceptional codes (-1 for abort).

Maybe we set upper limit at 999, because rfc9110 says: "Implementations often use three-digit integer values outside of that range (i.e., 600..999) for internal communication of non-HTTP status".

looks like this change was deliberate: see #9955

This looks to be only for getStatus if the code hasn't been explicitly set.

@lachlan-roberts lachlan-roberts mentioned this issue Dec 16, 2024
Merged
lachlan-roberts added a commit that referenced this issue Dec 19, 2024
@lachlan-roberts
Merge pull request #12643 from jetty/jetty-12.0.x-12609-setStatusCodes
aa65102 
Issue #12609 - better validation for response codes in setStatus
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug For general bugs on Jetty side
Projects
Jetty 12.0.17 - FROZEN
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue #12609 - better validation for response codes in setStatus jetty/jetty.project
3 participants
@gregw @janbartel @lachlan-roberts