[BUG] Failed to handle absolute form of HTTP "path"

[Banyc]

What i did / Steps to reproduce

1. set up a socks5 or http proxy in your local host
2. set up bluemap as usual
3. curl -v -x <your proxy address> <bluemap address>

Expected result

bluemap returns an html file to curl.

Actual result

bluemap returns http 404 to curl.

Context

BlueMap Version:
latest

this is the code that parses the HTTP request path

BlueMap/common/src/main/java/de/bluecolored/bluemap/common/web/FileRequestHandler.java

Lines 66 to 79 in 05f0987

	private HttpResponse generateResponse(HttpRequest request) throws IOException {
	String path = request.getPath();
	// normalize path
	if (path.startsWith("/")) path = path.substring(1);
	if (path.endsWith("/")) path = path.substring(0, path.length() - 1);
	Path filePath;
	try {
	filePath = webRoot.resolve(path);
	} catch (InvalidPathException e){
	return new HttpResponse(HttpStatusCode.NOT_FOUND);
	}

however, it does not account for the absolute form specified in the HTTP RFC https://datatracker.ietf.org/doc/html/rfc9112#name-absolute-form

namely, when a request GET http://www.example.org/pub/WWW/TheProject.html HTTP/1.1 goes to bluemap, bluemap will instantly treat http://www.example.org/pub/WWW/TheProject.html as a file path, instead of extracting /pub/WWW/TheProject.html

for reference, if you dont have a proxy at hand, here are the requests captured by me with/without using a proxy

# using proxy
GET http://www.example.com:12345/ HTTP/1.1
Host: www.example.com:12345
User-Agent: curl/8.15.0
Accept: */*
Proxy-Connection: Keep-Alive

###

# noproxy
GET / HTTP/1.1
Host: www.example.com:12345
User-Agent: curl/8.15.0
Accept: */*

a thought on how to identify the absolute form by either:

• use a uri library
• check the ":" substring right after the schema (e.g., "http")
  ref: https://datatracker.ietf.org/doc/html/rfc3986#appendix-A

[TechnicJelle]

Could you explain reproduce-step 1 a bit more for the people who don't know about this stuff?
What software do you use to do something like that? And which configurations?

[Banyc]

i use the proxy that i wrote for myself so this is not a popular software by any means. this is the link to the software: https://github.com/Banyc/proxy

this is a better example for a broader audience: https://datatracker.ietf.org/doc/html/rfc1928

in our context, the "server" is the said "proxy software", and the "target host" is the bluemap endpoint that accepts http requests.

[Chicken]

While this is a bug in BlueMap (it should be able to handle those as per spec), shouldn't your proxy transform absolute-form to origin-form before forwarding to the target server? Not really a required thing but I imagine that is something desired...?

[Banyc]

absolutely true and this is definitely a bug in my craft; i just realized that this is a thing in the http spec lol

correction: using a socks5 proxy, curl won't send in the absolute-form; it happens while using a http proxy instead