Hi all, So we started getting 400 responses to all requests after upgrading our Tomcat to 8.5.31. After some head-scratching, I finally found that HttpParser now rejects a hostname as invalid if it does not end with an _alphabetic_ TLD - no hyphens, no numerics. And apparently the behavior is not configurable either.
The changelog for 8.5.31 mentions that "Enable strict validation of the provided host name and port for all connectors. Requests with invalid host names and/or ports will be rejected with a 400 response. (markt)". But why are only alphabetic TLDs considered valid? The IDNA for internationalized ccTLDs (e.g. the IDN ccTLD for China - ".中国"/".xn--fiqs8s") contain both hyphens and numerics. They are now considered invalid by Tomcat. Was it an explicit decision not to support internationalized ccTLDs in Tomcat? If not, it would seem desirable to at least add a configuration option that allows them. Regards, Tom --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
