https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #23 from Mark Thomas <ma...@apache.org> --- (In reply to Tim from comment #22) > Mark Thomas: Why do you object to the optional config? Because it is insecure. It is for this reason that the PROXY spec explicitly states that "The receiver ... MUST not try to guess whether the protocol header is present or not." Looking at a diff against the 8.5.23, I'm also wondering if the implementation has been made at the right point. That the broadly the same implementation would need to be repeated across multiple connectors suggests it should be better implemented further up the stack. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
