Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support removal of headers via filters #8699

Closed
espen42 opened this issue Mar 8, 2021 · 2 comments · Fixed by #10836
Closed

Support removal of headers via filters #8699

espen42 opened this issue Mar 8, 2021 · 2 comments · Fixed by #10836
Assignees
@rymsha
Labels
Improvement
Milestone
7.15.0

Comments

@espen42
Copy link

espen42 commented Mar 8, 2021
edited
Loading

If any key has an undefined value in the header in an XP response object - commonly used ones like ETag or Cache-Control, but also seemingly any key at all, such as pleaseDontFail - will cause an error when trying to return it from a controller. This is only reported as a pretty generic WebError: null or NullPointerException.

Tested in webapp.js and a service, for example with this code:

exports.get = req => {
    const title = 'Hello Web app';
    return  {
        body: `
          <html>
            <head>
               <title>${title}</title>
            </head>
            <body>
                <h1>Sweet, "${title}" is working!</h1>
           </body>
        </html>`,
      headers: {
        pleaseDontFail: undefined
      }
    };
};

Letting pleaseDontFail be any generic string works, as in, passes unnoticed. Also works if pleaseDontFail is undefined outside of headers, for example in the response root as a sibling of body.

Such a generic error message is a bit problematic IMO.

  • We have headers open to manipulation by regular JS object logic, and allowing object attributes to fallback to undefined is a pretty commonplace JS practice. It doesn't usually cause errors like this elsewhere in XP, and will in many cases be expected to behave similarly to if the attribute hadn't been added at all. In this case, not adding it is different than having it with an undefined value.
  • Also, the root problem is easily obfuscated. If you log the response object above before returning it, an undefined pleaseDontFail attribute won't be shown (except by explicitly logging Object.keys(response.headers)).

I suggest adding a catch and error message.

Example error dump:

2021-03-08 13:57:00,058 ERROR c.e.x.p.i.e.ExceptionRendererImpl - Internal Server Error
com.enonic.xp.web.WebException: null
	at com.enonic.xp.web.impl.exception.ExceptionMapperImpl.map(ExceptionMapperImpl.java:33)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleError(WebAppHandler.java:161)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleRequest(WebAppHandler.java:117)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleAppRequest(WebAppHandler.java:102)
	at com.enonic.xp.portal.impl.app.WebAppHandler.doHandle(WebAppHandler.java:82)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.portal.handler.BasePortalHandler.doHandle(BasePortalHandler.java:46)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.impl.trace.TraceWebFilter.doHandle(TraceWebFilter.java:38)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.impl.handler.WebDispatcherImpl.dispatch(WebDispatcherImpl.java:44)
	at com.enonic.xp.web.impl.handler.WebDispatcherServlet.doHandle(WebDispatcherServlet.java:142)
	at com.enonic.xp.web.impl.handler.WebDispatcherServlet.service(WebDispatcherServlet.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at com.enonic.xp.web.impl.dispatch.mapping.ServletDefinitionImpl.service(ServletDefinitionImpl.java:40)
	at com.enonic.xp.web.impl.dispatch.pipeline.ServletPipelineImpl.service(ServletPipelineImpl.java:38)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:51)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.portal.impl.idprovider.IdProviderFilter.doHandle(IdProviderFilter.java:46)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.context.ContextFilter.lambda$doHandle$0(ContextFilter.java:33)
	at com.enonic.xp.context.ContextImpl.callWith(ContextImpl.java:102)
	at com.enonic.xp.web.impl.context.ContextFilter.doHandle(ContextFilter.java:32)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.vhost.impl.VirtualHostFilter.doHandle(VirtualHostFilter.java:73)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dos.DosFilterWrapper.doFilter(DosFilterWrapper.java:65)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at org.eclipse.jetty.servlets.HeaderFilter.doFilter(HeaderFilter.java:117)
	at com.enonic.xp.web.impl.header.HeaderFilterWrapper.doHandle(HeaderFilterWrapper.java:51)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterPipelineImpl.filter(FilterPipelineImpl.java:37)
	at com.enonic.xp.web.impl.dispatch.DispatchServletImpl.service(DispatchServletImpl.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:550)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:766)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.NullPointerException: null
	at com.enonic.xp.portal.impl.controller.PortalResponseSerializer.populateHeaders(PortalResponseSerializer.java:172)
	at com.enonic.xp.portal.impl.controller.PortalResponseSerializer.serialize(PortalResponseSerializer.java:80)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.doExecute(ControllerScriptImpl.java:73)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.lambda$execute$0(ControllerScriptImpl.java:36)
	at com.enonic.xp.trace.Tracer.traceEx(Tracer.java:72)
	at com.enonic.xp.trace.Tracer.trace(Tracer.java:51)
	at com.enonic.xp.trace.Tracer.trace(Tracer.java:98)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.execute(ControllerScriptImpl.java:36)
	at com.enonic.xp.portal.impl.app.WebAppHandler.executeController(WebAppHandler.java:125)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleRequest(WebAppHandler.java:111)
	... 117 common frames omitted
2021-03-08 14:03:05,547 ERROR c.e.x.p.i.e.ExceptionRendererImpl - Internal Server Error
com.enonic.xp.web.WebException: null
	at com.enonic.xp.web.impl.exception.ExceptionMapperImpl.map(ExceptionMapperImpl.java:33)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleError(WebAppHandler.java:161)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleRequest(WebAppHandler.java:117)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleAppRequest(WebAppHandler.java:102)
	at com.enonic.xp.portal.impl.app.WebAppHandler.doHandle(WebAppHandler.java:82)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.portal.handler.BasePortalHandler.doHandle(BasePortalHandler.java:46)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.impl.trace.TraceWebFilter.doHandle(TraceWebFilter.java:38)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.impl.handler.WebDispatcherImpl.dispatch(WebDispatcherImpl.java:44)
	at com.enonic.xp.web.impl.handler.WebDispatcherServlet.doHandle(WebDispatcherServlet.java:142)
	at com.enonic.xp.web.impl.handler.WebDispatcherServlet.service(WebDispatcherServlet.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at com.enonic.xp.web.impl.dispatch.mapping.ServletDefinitionImpl.service(ServletDefinitionImpl.java:40)
	at com.enonic.xp.web.impl.dispatch.pipeline.ServletPipelineImpl.service(ServletPipelineImpl.java:38)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:51)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.portal.impl.idprovider.IdProviderFilter.doHandle(IdProviderFilter.java:46)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.context.ContextFilter.lambda$doHandle$0(ContextFilter.java:33)
	at com.enonic.xp.context.ContextImpl.callWith(ContextImpl.java:102)
	at com.enonic.xp.web.impl.context.ContextFilter.doHandle(ContextFilter.java:32)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.vhost.impl.VirtualHostFilter.doHandle(VirtualHostFilter.java:73)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dos.DosFilterWrapper.doFilter(DosFilterWrapper.java:65)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at org.eclipse.jetty.servlets.HeaderFilter.doFilter(HeaderFilter.java:117)
	at com.enonic.xp.web.impl.header.HeaderFilterWrapper.doHandle(HeaderFilterWrapper.java:51)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterPipelineImpl.filter(FilterPipelineImpl.java:37)
	at com.enonic.xp.web.impl.dispatch.DispatchServletImpl.service(DispatchServletImpl.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:550)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:766)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.NullPointerException: null
	at com.enonic.xp.portal.impl.controller.PortalResponseSerializer.populateHeaders(PortalResponseSerializer.java:172)
	at com.enonic.xp.portal.impl.controller.PortalResponseSerializer.serialize(PortalResponseSerializer.java:80)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.doExecute(ControllerScriptImpl.java:73)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.lambda$execute$0(ControllerScriptImpl.java:36)
	at com.enonic.xp.trace.Tracer.traceEx(Tracer.java:72)
	at com.enonic.xp.trace.Tracer.trace(Tracer.java:51)
	at com.enonic.xp.trace.Tracer.trace(Tracer.java:98)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.execute(ControllerScriptImpl.java:36)
	at com.enonic.xp.portal.impl.app.WebAppHandler.executeController(WebAppHandler.java:125)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleRequest(WebAppHandler.java:111)
	... 117 common frames omitted
2021-03-08 14:03:05,561 ERROR c.e.x.p.i.e.ExceptionRendererImpl - Internal Server Error
com.enonic.xp.web.WebException: null
	at com.enonic.xp.web.impl.exception.ExceptionMapperImpl.map(ExceptionMapperImpl.java:33)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleError(WebAppHandler.java:161)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleRequest(WebAppHandler.java:117)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleAppRequest(WebAppHandler.java:102)
	at com.enonic.xp.portal.impl.app.WebAppHandler.doHandle(WebAppHandler.java:82)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.portal.handler.BasePortalHandler.doHandle(BasePortalHandler.java:46)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.impl.trace.TraceWebFilter.doHandle(TraceWebFilter.java:38)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:30)
	at com.enonic.xp.web.impl.handler.WebDispatcherImpl.dispatch(WebDispatcherImpl.java:44)
	at com.enonic.xp.web.impl.handler.WebDispatcherServlet.doHandle(WebDispatcherServlet.java:142)
	at com.enonic.xp.web.impl.handler.WebDispatcherServlet.service(WebDispatcherServlet.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at com.enonic.xp.web.impl.dispatch.mapping.ServletDefinitionImpl.service(ServletDefinitionImpl.java:40)
	at com.enonic.xp.web.impl.dispatch.pipeline.ServletPipelineImpl.service(ServletPipelineImpl.java:38)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:51)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.portal.impl.idprovider.IdProviderFilter.doHandle(IdProviderFilter.java:46)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.context.ContextFilter.lambda$doHandle$0(ContextFilter.java:33)
	at com.enonic.xp.context.ContextImpl.callWith(ContextImpl.java:102)
	at com.enonic.xp.web.impl.context.ContextFilter.doHandle(ContextFilter.java:32)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.vhost.impl.VirtualHostFilter.doHandle(VirtualHostFilter.java:73)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dos.DosFilterWrapper.doFilter(DosFilterWrapper.java:65)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at org.eclipse.jetty.servlets.HeaderFilter.doFilter(HeaderFilter.java:117)
	at com.enonic.xp.web.impl.header.HeaderFilterWrapper.doHandle(HeaderFilterWrapper.java:51)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterPipelineImpl.filter(FilterPipelineImpl.java:37)
	at com.enonic.xp.web.impl.dispatch.DispatchServletImpl.service(DispatchServletImpl.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:550)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:766)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.NullPointerException: null
	at com.enonic.xp.portal.impl.controller.PortalResponseSerializer.populateHeaders(PortalResponseSerializer.java:172)
	at com.enonic.xp.portal.impl.controller.PortalResponseSerializer.serialize(PortalResponseSerializer.java:80)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.doExecute(ControllerScriptImpl.java:73)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.lambda$execute$0(ControllerScriptImpl.java:36)
	at com.enonic.xp.trace.Tracer.traceEx(Tracer.java:72)
	at com.enonic.xp.trace.Tracer.trace(Tracer.java:51)
	at com.enonic.xp.trace.Tracer.trace(Tracer.java:98)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.execute(ControllerScriptImpl.java:36)
	at com.enonic.xp.portal.impl.app.WebAppHandler.executeController(WebAppHandler.java:125)
	at com.enonic.xp.portal.impl.app.WebAppHandler.handleRequest(WebAppHandler.java:111)
	... 117 common frames omitted
@espen42 espen42 mentioned this issue Mar 8, 2021
Closed
@rymsha rymsha added this to the 7.15.0 milestone Dec 23, 2024
@rymsha rymsha added this to XP7.15 Dec 23, 2024
@github-project-automation github-project-automation bot moved this to Backlog in XP7.15 Dec 23, 2024
@rymsha rymsha assigned anatol-sialitski and unassigned rymsha Dec 27, 2024
@rymsha rymsha changed the title Response objects where some key has an undefined value causes vaguely reported error Support removal of headers via controllers Dec 27, 2024
@rymsha
Copy link
Contributor

rymsha commented Dec 27, 2024
edited
Loading

We cannot distinguish between null and undefined - due to how java bridge works.

But we can allow removal of headers by treating as null/undefined as removal in PortalResponseSerializer

This feature is often requested to remove X-Frame-Options header set by default. This would pose a security risk. So, this feature must not be able to remove headers forced via configuration.

Note that Java Servlet API allows to remove headers exactly the same way - by specifying null value

@rymsha rymsha assigned rymsha and unassigned anatol-sialitski Dec 30, 2024
@rymsha rymsha moved this from Backlog to In Progress in XP7.15 Jan 2, 2025
@rymsha rymsha changed the title Support removal of headers via controllers Support removal of headers via filters Jan 2, 2025
rymsha added a commit that referenced this issue Jan 2, 2025
@rymsha
Support removal of headers via filters #8699
197467a
@rymsha
Copy link
Contributor

rymsha commented Jan 2, 2025

After the fix

  • undefined and null values of headers won't fail
  • it is possible to remove headers set by controllers in filters and responseProcessors
  • not possible to remove headers forced before rendering pipeline (Header Filter)

rymsha added a commit that referenced this issue Jan 3, 2025
@rymsha
Support removal of headers via filters #8699
7141bd3
rymsha added a commit that referenced this issue Jan 3, 2025
@rymsha
Support removal of headers via filters #8699
625dc7a 
(cherry picked from commit 7141bd3)
@rymsha rymsha moved this from In Progress to Done in XP7.15 Jan 3, 2025
@rymsha rymsha closed this as completed by moving to Done in XP7.15 Jan 3, 2025
@rymsha rymsha linked a pull request Mar 3, 2025 that will close this issue
support removal of headers via filters #8699 #10836
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rymsha rymsha

Labels
Improvement
Projects
No open projects
XP7.15
Archived in project
Milestone
7.15.0
Development

Successfully merging a pull request may close this issue.

support removal of headers via filters #8699 enonic/xp
3 participants
@rymsha @espen42 @anatol-sialitski