RFR: 8272758: Improve HttpServer to avoid partial file name matches while mapping request path to context path [v2]
Michael McMahon
michaelm at openjdk.org
Thu Jan 29 15:38:44 UTC 2026
On Wed, 21 Jan 2026 12:21:42 GMT, Volkan Yazici <vyazici at openjdk.org> wrote:
>> Currently `HttpServer` allows matching a request path `/foobar` to context path `/foo`. Replace this surprising behaviour with a safer approach by requiring exact *path prefix matches*.
>>
>>
>> | Request path
>> Context +------+-------+----------+---------
>> path | /foo | /foo/ | /foo/bar | /foobar
>> ---------+------+-------+----------+---------
>> / | Y | Y | Y | Y
>> /foo/ | N | Y | Y | N
>
> Volkan Yazici has updated the pull request incrementally with one additional commit since the last revision:
>
> Add property to switch between prefix matching schemes
src/jdk.httpserver/share/classes/sun/net/httpserver/ContextList.java line 201:
> 199: }
> 200:
> 201: // Is it a path-prefix match?
Suggestion:
// Is it a path-prefix match? Either the context ends with '/'
// or the request contains a '/' implying that it does
or words to the same effect. The behavior is quite subtle.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29264#discussion_r2742260337
More information about the net-dev
mailing list