Uploaded image for project: 'OpenMRS Core'
  1. OpenMRS Core
  2. TRUNK-5022

Our spring MVC configuration treats everything after the dot as a file extension, even for things like web services

    XMLWordPrintable

    Details

    • Complexity:
      Medium
    • Development:

      Description

      See and the side discussion leading to https://talk.openmrs.org/t/module-identifiers-in-restws-module/8641/13

      Our spring configuration always treats everything after the last dot in a URL as a file extension, which is a problem if you need to do something like this: .../ws/rest/v1/location/Inpatient+Ward+A.2. There may be other situations where we want to allows dots in the final part of a URL.

      RESTWS-606 and RESTWS-627 found a way to hackily fix this from the REST module, but we should solve this going forwards in openmrs-core.

      See also the section on Suffix Pattern Matching at https://docs.spring.io/spring/docs/current/spring-framework-reference/html/mvc.html which says

      suffix pattern matching as well as content negotiation may be used in some circumstances to attempt malicious attacks and there are good reasons to restrict them meaningfully

      and also describes that you can change this behavior with useRegisteredSuffixPatternMatch

        Gliffy Diagrams

          Attachments

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              darius Darius Jazayeri
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated: