https://bz.apache.org/bugzilla/show_bug.cgi?id=62476
Bug ID: 62476
Summary: Expires header shall use GMT timezone
Product: Tomcat 9
Version: 9.0.8
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: -----
This issue was originally reported in a pull request
https://github.com/apache/tomcat/pull/115
I am confirming the issue and stating it here for a more clear description.
Steps to reproduce:
1. Start Tomcat
2. Open a Browser and configure it to inspect network traffic (e.g. open
"Network" tab in Developer's tools in Firefox)
3. Navigate to
http://localhost:8080/examples/jsp/security/protected/index.jsp
ACTUAL BEHAVIOR, Tomcat 9:
The following response headers are sent by the server:
[[[
HTTP/1.1 200
Cache-Control: private
Expires: Thu, 01 Jan 1970 03:00:00 MSK
Set-Cookie: JSESSIONID=1D318BE83811595C4AAB11B7859D613B; Path=/examples;
HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 650
Date: Wed, 20 Jun 2018 13:04:40 GMT
]]]
EXPECTED BEHAVIOR:
The "Expires" header should be in GMT, like the "Date" header already is.
SPECIFICATION:
https://tools.ietf.org/html/rfc7234#section-5.3
https://tools.ietf.org/html/rfc7231#section-7.1.1.1
The chapter 7.1.1.1 defines "IMF-fixdate" production with literal string of
"GMT". Obsolete date time formats there ("obs-date") do not cover this case
either: they are for rfc850 and asctime dates.
> GMT = %x47.4D.54 ; "GMT", case-sensitive
This issue is reproducible with Tomcat 9.
It is reproducible with Tomcat 7.0.88 as well.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
