You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/02/21 16:12:35 UTC
DO NOT REPLY [Bug 6612] New: -
Can set headers twice
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6612>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6612
Can set headers twice
Summary: Can set headers twice
Product: Tomcat 4
Version: 4.0.2 Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: kevinj@develop.com
According the the HTTP RFC (2616) section 4.2
"Multiple message-header fields with the same field-name MAY be
present in a message if and only if the entire field-value for that
header field is defined as a comma-separated list [i.e., #(values)]."
In tomcat 4.02 I can do the following
response.addHeader("Content-Length", 113);
response.addHeader("Content-Length", 83);
and the reponse will contain both Content-Length headers. Same is true for
other headers.
I realise this is a stupid thing to do but a library I'm using (the JAXM ref
impl) does this and causes problems for another Jakarta 'product' (httpclient).
Should TC check for this duplicates and only allow through the headers that are
allowed to be duplicate:
(Accept-Ranges; Allow; Cache-Control;Connection;Content-Encoding;Content-
Language;Pragma;Proxy-Authenticate;Trailer;Transfer-
Encoding;Upgrade;Via;Warning;WWW-Authenticate)
I think are the headers (and TC doesn't necessarily support all of these)
Kevin Jones
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>