On Fri, 31 Oct 2025 10:12:27 GMT, Peyang <[email protected]> wrote: >> Hi all, >> >> [JEP 408](https://openjdk.org/jeps/408) introduced the Simple Web Server in >> Java 18, providing a minimal webserver for serving static files over HTTP. >> >> [RFC 9110](https://www.rfc-editor.org/rfc/rfc9110.html#name-range-requests) >> defines "Range Requests" as an optional feature that allows clients to >> request a subset of a resource's content. Supporting Range requests in the >> context of JDK's Simple Web Server means enabling the server to serve only >> the requested portion of a static file. >> >> This change contains: >> >> 1. Enhances `sun.net.httpserver.simpleserver.FileServerHandler` in the >> `jdk.httpserver` module to support `Range` and `If-Range` headers. >> 2. Calculates an `ETag` for each resource based on its last-modified date >> and file size and sends it to the client on demand for use with the >> `If-Range` header. >> 3. Returns the `Accept-Ranges` header for all file retrievals, and >> `Content-Range` when a client requests a specific range. >> 4. Adds a new constant `HTTP_RANGE_NOT_SATISFIABLE` to the `Codes` class to >> indicate invalid ranges. >> 5. Returns `206 Partial Content` for valid ranges and `416 Range Not >> Satisfiable` for invalid ranges. >> 6. Includes corresponding tests to verify correct behavior. >> >> This enhancement was motivated by recent discussions on the net-dev mailing >> list, which requested support for Range requests along with example use >> cases: https://mail.openjdk.org/pipermail/net-dev/2025-April/026364.html >> It was also discussed briefly on the net-dev mailing list: >> https://mail.openjdk.org/pipermail/net-dev/2025-October/028586.html > > Peyang has updated the pull request incrementally with one additional commit > since the last revision: > > Add documentation for HTTP range requests support in SimpleFileServer
src/jdk.httpserver/share/classes/sun/net/httpserver/simpleserver/FileServerHandler.java line 310: > 308: return true; > 309: } > 310: servePartialContents(exchange, path, ranges); The RFC says: > A server that supports range requests MAY ignore or reject a > [Range](https://www.rfc-editor.org/rfc/rfc9110.html#field.range) header field > that contains an invalid > [ranges-specifier](https://www.rfc-editor.org/rfc/rfc9110.html#rule.ranges-specifier) > ([Section > 14.1.1](https://www.rfc-editor.org/rfc/rfc9110.html#range.specifiers)), a > [ranges-specifier](https://www.rfc-editor.org/rfc/rfc9110.html#rule.ranges-specifier) > with more than two overlapping ranges, or a set of many small ranges that > are not listed in ascending order, since these are indications of either a > broken client or a deliberate denial-of-service attack ([Section > 17.15](https://www.rfc-editor.org/rfc/rfc9110.html#overlapping.ranges)). I would expect a validation of the ranges list before we serve them. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/28021#discussion_r2481206652
