https://bz.apache.org/bugzilla/show_bug.cgi?id=65802
--- Comment #3 from Mark Thomas <ma...@apache.org> --- The Javadoc for HttpServletResponse addHeader and setHeader don't define the behaviour for invalid inputs. You could argue the Javadoc implies that the inputs are expected to be HTTP specification compliant. Then you get the instances where the client is expecting a header that is technically invalid but possible to send (at the moment). We have no basis (from the Servlet spec) to: - throw an exception - ignore the header so my initial response is; "The application is setting the illegal header. If that is a problem, fix the application." Longer term, if the Servlet spec is updated to say invalid headers can be rejected then Tomcat can do something about them. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
