On 30/01/18 15:25, Mark Thomas wrote: > On 30/01/18 15:15, Konstantin Kolinko wrote: >> -1. >> >> Reading the algorithm in Host.parse(Reader), I think that http://610.ru/en/ >> and a number of popular Chinese web sites won't pass this validation. >> https://www.chinacheckup.com/blogs/articles/chinese-website-names-numbers >> >> https://domains-index.com/nine-millions-domain-names-just-numbers/ > > ACK. > > The host header validation was written from the RFCs. Given that those > sites all work, I'm assuming I missed something. Let me go back to the > RFCs and figure out what. Once I have done that, I'll update the parser > and/or this thread as appropriate.
I was working from RFC 952. I missed RFC 1123. Updating the host name parser has just moved to the top of my TODO list. Mark > > Mark > >> >> Best regards, >> Konstantin Kolinko >> >> >> 2018-01-30 16:59 GMT+03:00 <[email protected]>: >>> Author: markt >>> Date: Tue Jan 30 13:59:11 2018 >>> New Revision: 1822644 >>> >>> URL: http://svn.apache.org/viewvc?rev=1822644&view=rev >>> Log: >>> Enable strict host/port validation for all connectors. >>> >>> Modified: >>> tomcat/trunk/java/org/apache/coyote/AbstractProcessor.java >>> tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java >>> tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java >>> tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties >>> tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties >>> tomcat/trunk/java/org/apache/coyote/http2/Stream.java >>> tomcat/trunk/java/org/apache/tomcat/util/http/parser/Host.java >>> tomcat/trunk/webapps/docs/changelog.xml >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
