search

IHTSDO / snowstorm

Scalable SNOMED CT Terminology Server using Elasticsearch
Other
204 stars 80 forks source link

^ character not accepted in http requests #5

Closed rorydavidson closed 6 years ago

rorydavidson commented 6 years ago

When trying to run the following ECL - ^ 733990004 |Nursing activities reference set| - the following exception is thrown by snowstorm:

2018-04-19 09:50:21.334 INFO 1 --- [nio-8080-exec-1] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:476) ~[tomcat-embed-core-8.5.29.jar!/:8.5.29] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:687) ~[tomcat-embed-core-8.5.29.jar!/:8.5.29] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.29.jar!/:8.5.29] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) [tomcat-embed-core-8.5.29.jar!/:8.5.29] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) [tomcat-embed-core-8.5.29.jar!/:8.5.29] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.29.jar!/:8.5.29] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_151] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_151] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.29.jar!/:8.5.29] at java.lang.Thread.run(Thread.java:748) [na:1.8.0_151]

kaicode commented 6 years ago

Newer versions of tomcat simply do not allow the caret ^ character in the URL of a HTTP request. This is because it's against the HTTP 1.1 specification. Characters {, } and | can be allowed via the tomcat.util.http.parser.HttpParser.requestTargetAllow config option but that's all.

Tomcat developer discussion here https://bz.apache.org/bugzilla/show_bug.cgi?id=60594

In the mean time I can recommend URL encoding characters or use the Swagger UI which does this. ^ should be encoded to %5E then everything works.

Here is a list of reference sets which are currently imported into Snowstorm - https://github.com/IHTSDO/snowstorm/blob/master/src/main/java/org/snomed/snowstorm/core/rf2/rf2import/ImportService.java#L34 A config option to import all reference sets would probably be useful for some environments.