This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8dc1c11088 HTTP method names are case sensitive (RFC 9110, 9.1)
8dc1c11088 is described below
commit 8dc1c110889bf287156cffbbbdcc4186827c0214
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Sep 10 17:04:48 2025 +0100
HTTP method names are case sensitive (RFC 9110, 9.1)
---
java/org/apache/catalina/authenticator/AuthenticatorBase.java | 2 +-
java/org/apache/catalina/authenticator/FormAuthenticator.java | 4 ++--
java/org/apache/catalina/ssi/SSIServletExternalResolver.java | 2 +-
test/org/apache/catalina/startup/TomcatBaseTest.java | 2 +-
webapps/docs/changelog.xml | 4 ++++
5 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 8f99ee8a12..0efd94e587 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -486,7 +486,7 @@ public abstract class AuthenticatorBase extends ValveBase
implements Authenticat
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
- if (constraints != null && disableProxyCaching &&
!"POST".equalsIgnoreCase(request.getMethod())) {
+ if (constraints != null && disableProxyCaching &&
!"POST".equals(request.getMethod())) {
if (securePagesWithPragma) {
// Note: These can cause problems with downloading files with
IE
response.setHeader("Pragma", "No-cache");
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 1ec8022a7d..1c953bd242 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -590,7 +590,7 @@ public class FormAuthenticator extends AuthenticatorBase {
String method = saved.getMethod();
MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
rmh.recycle();
- boolean cacheable = "GET".equalsIgnoreCase(method) ||
"HEAD".equalsIgnoreCase(method);
+ boolean cacheable = "GET".equals(method) || "HEAD".equals(method);
Iterator<String> names = saved.getHeaderNames();
while (names.hasNext()) {
String name = names.next();
@@ -624,7 +624,7 @@ public class FormAuthenticator extends AuthenticatorBase {
// If no content type specified, use default for POST
String savedContentType = saved.getContentType();
- if (savedContentType == null && "POST".equalsIgnoreCase(method)) {
+ if (savedContentType == null && "POST".equals(method)) {
savedContentType = Globals.CONTENT_TYPE_FORM_URL_ENCODING;
}
diff --git a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
index b310891ba7..495eb4d23c 100644
--- a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
+++ b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
@@ -500,7 +500,7 @@ public class SSIServletExternalResolver implements
SSIExternalResolver {
* Make an assumption that an empty response is a failure. This is
a problem if a truly empty file were
* included, but not sure how else to tell.
*/
- if (retVal.isEmpty() && !req.getMethod().equalsIgnoreCase("HEAD"))
{
+ if (retVal.isEmpty() && !req.getMethod().equals("HEAD")) {
throw new
IOException(sm.getString("ssiServletExternalResolver.noFile", path));
}
return retVal;
diff --git a/test/org/apache/catalina/startup/TomcatBaseTest.java
b/test/org/apache/catalina/startup/TomcatBaseTest.java
index 24b57af14a..aaeef41be8 100644
--- a/test/org/apache/catalina/startup/TomcatBaseTest.java
+++ b/test/org/apache/catalina/startup/TomcatBaseTest.java
@@ -595,7 +595,7 @@ public abstract class TomcatBaseTest extends
LoggingBaseTest {
}
int bodySize = 0;
- if ("PUT".equalsIgnoreCase(request.getMethod())) {
+ if ("PUT".equals(request.getMethod())) {
InputStream is = request.getInputStream();
int read = 0;
byte[] buffer = new byte[8192];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0483c4dad9..3df1637cfd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,6 +119,10 @@
Correct a regression in the fix for <bug>69781</bug> that broke
<code>FileStore</code>. (markt)
</fix>
+ <fix>
+ HTTP methods are case-sensitive so always use case sensitive
comparisons
+ when comparing HTTP methods. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
