On 23/03/2020 13:28, Rémy Maucherat wrote: > On Mon, Mar 23, 2020 at 2:01 PM Mark Thomas <ma...@apache.org > <mailto:ma...@apache.org>> wrote:
<snip/> > With all of the above in mind I propose: > > - Doing nothing! I think Tomcat is striking the right balance here. > > This means: > GET /CRLF -> processed as HTTP/0.9 > GET /LF -> processed as HTTP/0.9 > GET / CRLF -> processed as HTTP/1.1 and rejected as invalid > GET / LF -> processed as HTTP/1.1 and rejected as invalid > > I want to write some tests to check this is behaving as expected but I'm > not expecting any changes to the parsing at this point. > > > +1, that sounds really good ! I wrote too soon :) GET / CRLF was being parsed as malformed HTTP/0.9 so there are going to be changes to the parsing to make "GET / LF" and "GET / CRLF" consistent (invalid HTTP/1.1). Treating both as HTTP/1.1 I think I can see a way to make the parsing less hacky and have the code be a little clearer. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
