https://issues.apache.org/bugzilla/show_bug.cgi?id=51557
--- Comment #1 from Mark Thomas <ma...@apache.org> 2011-07-26 16:55:56 UTC --- The exact quote from RFC 2616 is that HTTP headers "follow the same generic format as that given in Section 3.1 of RFC 822". RFC 2616 goes further in defining exactly what is permitted so RFC 2616 remains the relevant specification in this case. As per RFC 2616, HTTP header names are tokens which mean no CTLs and no separators which requires further restrictions than no CTLs and no space. The patch only addresses the HTTP BIO connector. The issue also needs to be addressed for the HTTP NIO and HTTP APR/native connectors. I have an untested patch enforces the RFC 2616 requirements and drops the header line if an invalid header name is presented (that seemed a better option than returning a 400 response). I'm currently running the test suite for all three connectors and will commit the patch assuming the tests pass. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
