Closed
Labels
- Bug: For general bugs on Jetty side
- Specification: For all industry Specifications (IETF / Servlet / etc)
Description
Jetty version(s)
12.0.7
Jetty Environment
All
Java version/vendor (use: java -version)
All
OS type/version
All
Description
While working on PR #11496, the idea of not allowing the FRAGMENT section in a Request Line was introduced.
It is a good idea that seems to follow the HTTP spec.
- https://datatracker.ietf.org/doc/html/rfc9110#section-4.1 - indicates that the relative URI shouldn't have the fragment component
- https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.5 - says that the fragment component is not part of the ABNF for http or https URIs
- https://datatracker.ietf.org/doc/html/rfc9110#section-7.1 - says that the server should ignore/drop the fragment component, as the fragment component is reserved for client-side processing
- https://datatracker.ietf.org/doc/html/rfc9110#section-10.2.2 - points out that a redirect `Location` response header can contain a fragment indicator
- https://datatracker.ietf.org/doc/html/rfc9110#section-17.11 - there is a security concern as well with exposure of fragment after redirect
If we do this, we should be careful how we do it, and allow a configurable UriCompliance mode to configure the behavior.
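
The behavior under discussion, as an added example that is not part of the original issue and is not Jetty code: a request-line check that either rejects or strips a fragment depending on a configurable mode. `FragmentMode`, `BadRequestException` and `requestTarget` are hypothetical names, and the sample request lines are constructed.

```java
// Added illustration, not Jetty code: FragmentMode and BadRequestException are hypothetical names.
public class RequestTargetFragmentCheck {
    /** Hypothetical stand-in for a configurable compliance setting. */
    enum FragmentMode { REJECT, STRIP }

    static final class BadRequestException extends RuntimeException {
        BadRequestException(String message) { super(message); }
    }

    /** Returns the request-target of "method SP request-target SP HTTP-version" after applying the mode. */
    static String requestTarget(String requestLine, FragmentMode mode) {
        String[] parts = requestLine.split(" ", -1);
        if (parts.length != 3 || parts[1].isEmpty())
            throw new BadRequestException("malformed request line");
        String target = parts[1];
        // A raw '#' is not valid inside a path or query, so the first one starts the fragment.
        // A percent-encoded "%23" is ordinary data and is left alone.
        int hash = target.indexOf('#');
        if (hash < 0)
            return target;
        if (mode == FragmentMode.REJECT)
            throw new BadRequestException("fragment in request-target");
        String stripped = target.substring(0, hash);
        if (stripped.isEmpty())
            throw new BadRequestException("request-target is only a fragment");
        return stripped;
    }

    public static void main(String[] args) {
        // Constructed sample request lines.
        String[] samples = {
            "GET /index.html HTTP/1.1",
            "GET /search?q=a#results HTTP/1.1",
            "GET /files/a%23b.txt HTTP/1.1",
            "GET #top HTTP/1.1"
        };
        for (FragmentMode mode : FragmentMode.values()) {
            for (String line : samples) {
                try {
                    System.out.printf("%-6s %-34s -> %s%n", mode, line, requestTarget(line, mode));
                } catch (BadRequestException e) {
                    System.out.printf("%-6s %-34s -> rejected: %s%n", mode, line, e.getMessage());
                }
            }
        }
    }
}
```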