You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/02/21 16:12:35 UTC

DO NOT REPLY [Bug 6612] New: - Can set headers twice

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6612>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6612

Can set headers twice

           Summary: Can set headers twice
           Product: Tomcat 4
           Version: 4.0.2 Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: kevinj@develop.com


According the the HTTP RFC (2616) section 4.2 

"Multiple message-header fields with the same field-name MAY be
   present in a message if and only if the entire field-value for that
   header field is defined as a comma-separated list [i.e., #(values)]."

In tomcat 4.02 I can do the following

response.addHeader("Content-Length", 113);
response.addHeader("Content-Length", 83);

and the reponse will contain both Content-Length headers. Same is true for 
other headers.

I realise this is a stupid thing to do but a library I'm using (the JAXM ref 
impl) does this and causes problems for another Jakarta 'product' (httpclient). 
Should TC check for this duplicates and only allow through the headers that are 
allowed to be duplicate:
(Accept-Ranges; Allow; Cache-Control;Connection;Content-Encoding;Content-
Language;Pragma;Proxy-Authenticate;Trailer;Transfer-
Encoding;Upgrade;Via;Warning;WWW-Authenticate)

I think are the headers (and TC doesn't necessarily support all of these)

Kevin Jones

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>