Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Malformed URL "/..**" causes Error 500 instead of 404

See original GitHub issue

Steps to reproduce:

Navigate to https://cookbook.vaadin.com/…**

Expected behavior: 404 error

Actual behavior: 500 error

Example stacktrace:

java.lang.IllegalArgumentException: Relative path cannot contain .. segments
	at com.vaadin.flow.router.Location.verifyRelativePath(Location.java:322) ~[flow-server-5.0.0.beta1.jar:5.0.0.beta1]
	at com.vaadin.flow.router.Location.parsePath(Location.java:281) ~[flow-server-5.0.0.beta1.jar:5.0.0.beta1]
	at com.vaadin.flow.router.Location.<init>(Location.java:56) ~[flow-server-5.0.0.beta1.jar:5.0.0.beta1]
	at com.vaadin.flow.router.Router.getLocationForRequest(Router.java:148) ~[flow-server-5.0.0.beta1.jar:5.0.0.beta1]
	at com.vaadin.flow.router.Router.resolveNavigationTarget(Router.java:163) ~[flow-server-5.0.0.beta1.jar:5.0.0.beta1]
	at com.vaadin.flow.server.BootstrapUtils.resolvePageConfigurationHolder(BootstrapUtils.java:285) ~[flow-server-5.0.0.beta1.jar:5.0.0.beta1]
	at com.vaadin.flow.server.BootstrapHandler$BootstrapContext.<init>(BootstrapHandler.java:195) ~[flow-server-5.0.0.beta1.jar:5.0.0.beta1]

Issue Analytics

State:
Created 3 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

fluorumlabscommented, Nov 23, 2020

On second thought, Tomcat serves 400 Bad Request in case of malformed request URL (like if the requested path contains forbidden characters). Since we’re also talking about forbidden characters there, maybe we should stick with that convention.

0reactions

vaadin-botcommented, Aug 31, 2021

This ticket/PR has been released with platform 14.7.0.rc1 and is also targeting the upcoming stable 14.7.0 version.