Mark,

On 3/19/17 4:55 PM, Mark Thomas wrote:
> Hi,
> 
> r1787662 adds Host header validation along with a fair number of
> unit tests.
> 
> It includes a performance test which indicates - on my machine at
> least - that the performance impact is in the noise. I'd like to
> see better performance for full IPv6 addresses but the current code
> looks to be acceptable.
> 
> The validation is not yet integrated into the request processing.
> My primary reason for not integrating it is that it will trigger a
> 400 response if the header is invalid and I don't want to
> incorrectly reject valid headers. Therefore I have a request.
> Please try and break these new parsers. Please commit any values
> you test with.
> 
> Once we are happy with the quality of these parsers, I'll integrate
> them into the request processing.

How about an option to disable the validity-checking, in case someone
in the field finds a case they need to support, or if they don't care
about hostname-checking and want their "performance back"?

-chris
