Re: Ambiguity about how to deal with received fragments in URI

I agree the handling for a server is ambiguous. In hyper, we've just
ignored including it in `req.uri()`, so user code cannot access it. If it
were clarified in the RFC that we should reject with a 400, we could
consider making that change.

It's not infrequent that users ask to be allowed to access it, and
currently the only thing I can point them to is "the client shouldn't send

On Thu, Jul 27, 2023 at 5:58 AM Mark Thomas <> wrote:

> On 27/07/2023 10:05, Willy Tarreau wrote:
> > Thus I'd like to collect some opinions here from other implementers.
> > Are there any who reject requests containing fragments in the URI ?
> As of the Servlet 6.0 specification, Servlet containers are required to
> reject such requests with a 400 response so Tomcat, Jetty etc will do so.
> I'm not aware of any objections to this behaviour to date.
> Mark

Received on Thursday, 27 July 2023 12:18:10 UTC