Posted to dev@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2017/01/24 19:08:50 UTC

HTTP response reason phrases

All,

I'm cross-posting dev@ and users@, but please only reply to dev@ if
you'd like to get involved in this discussion.

I'd like to openly-discuss r1702765 [1]. There have been some
complaints on both users@ and dev@ and some BZ issues filed against
Tomcat 8.5 and 9.0 for removing the reason phrase. It happened in
r1702765 with no referenced BZ issue and was first released with
Tomcat 8.5.0 -- the initial release of Tomcat 8.5 -- as well as 9.0.0.M1.

This issue doesn't really affect me, but some recent conversations
about the "stability" (in terms of "things not changing") of Tomcat
have me thinking about the implications of making this change in
Tomcat 8.5.x and not in just Tomcat 9.0.x.

It is well-known within this community that Tomcat 8.0.x and Tomcat
8.5.x are distinct versions, but since the major version number is the
same, many have expectations that nothing serious is going to change.
Of course, 8.5.x has *many* serious changes to it with respect to
Tomcat 8.0.x. But this one seems to be tripping a lot of people up.

Those who are filing bugs, etc. are quite adamant that the reason
phrase is "required" for certain things. To be sure, the reason phrase
will only be required by non-compliant clients, and so technically the
client is at fault, here.

I'm wondering what the wider community thinks about this change and
whether or not we should consider reverting it for Tomcat 8.5.x.

Again, please reply to the dev@ list, since that's where this
discussion belongs. I just wanted to make sure I reached the widest
audience possible to begin a discussion.

Thanks,
-chris

[1] http://svn.apache.org/viewvc?view=revision&revision=r1702765

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: HTTP response reason phrases

Posted by Rémy Maucherat <re...@apache.org>.
2017-01-24 20:08 GMT+01:00 Christopher Schultz <chris@christopherschultz.net>:

> All,
>
> I'm cross-posting dev@ and users@, but please only reply to dev@ if
> you'd like to get involved in this discussion.
>
> I'd like to openly-discuss r1702765 [1]. There have been some
> complaints on both users@ and dev@ and some BZ issues filed against
> Tomcat 8.5 and 9.0 for removing the reason phrase. It happened in
> r1702765 with no referenced BZ issue and was first released with
> Tomcat 8.5.0 -- the initial release of Tomcat 8.5 -- as well as 9.0.0.M1.
>
> This issue doesn't really affect me, but some recent conversations
> about the "stability" (in terms of "things not changing") of Tomcat
> have me thinking about the implications of making this change in
> Tomcat 8.5.x and not in just Tomcat 9.0.x.
>
> It is well-known within this community that Tomcat 8.0.x and Tomcat
> 8.5.x are distinct versions, but since the major version number is the
> same, many have expectations that nothing serious is going to change.
> Of course, 8.5.x has *many* serious changes to it with respect to
> Tomcat 8.0.x. But this one seems to be tripping a lot of people up.
>

- 8.5 is already changing a number of things (since it's supposed to be 9,
so it's normal).
- the clients we're talking about are ancient.
- I only saw "a few" people affected, not "a lot".

It's better to avoid breaking things, but I don't see the benefit of
reverting it or bothering with an option.

Rémy

>
> Those who are filing bugs, etc. are quite adamant that the reason
> phrase is "required" for certain things. To be sure, the reason phrase
> will only be required by non-compliant clients, and so technically the
> client is at fault, here.
>
> I'm wondering what the wider community thinks about this change and
> whether or not we should consider reverting it for Tomcat 8.5.x.
>
> Again, please reply to the dev@ list, since that's where this
> discussion belongs. I just wanted to make sure I reached the widest
> audience possible to begin a discussion.
>
> Thanks,
> -chris
>
> [1] http://svn.apache.org/viewvc?view=revision&revision=r1702765

Re: HTTP response reason phrases

Posted by Huxing Zhang <hu...@gmail.com>.
Hi,

I think the problem is how we target Tomcat 8.5 to the users.
Is it biased to 8.0, or is it biased to 9.0?

For the former case, we should keep the backward compatibility as much
as possible.
For the latter case, breaking things should be assumable by end users.

IMO, 8.5 should be the former case. However, I don't think most of the
users will be affected by this change.
Therefore the priority should be MINOR or even TRIVIAL.

Overall, I am +0 to add an option to restore the reason phrase in 8.5
(a warning message should be logged if this option is turned on), and
drop the option in 9.x.

Anyway, we should note this change in 8.5 migration guide [1].

[1] http://tomcat.apache.org/migration-85.html



On Wed, Jan 25, 2017 at 3:08 AM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
>
> All,
>
> I'm cross-posting dev@ and users@, but please only reply to dev@ if
> you'd like to get involved in this discussion.
>
> I'd like to openly-discuss r1702765 [1]. There have been some
> complaints on both users@ and dev@ and some BZ issues filed against
> Tomcat 8.5 and 9.0 for removing the reason phrase. It happened in
> r1702765 with no referenced BZ issue and was first released with
> Tomcat 8.5.0 -- the initial release of Tomcat 8.5 -- as well as 9.0.0.M1.
>
> This issue doesn't really affect me, but some recent conversations
> about the "stability" (in terms of "things not changing") of Tomcat
> have me thinking about the implications of making this change in
> Tomcat 8.5.x and not in just Tomcat 9.0.x.
>
> It is well-known within this community that Tomcat 8.0.x and Tomcat
> 8.5.x are distinct versions, but since the major version number is the
> same, many have expectations that nothing serious is going to change.
> Of course, 8.5.x has *many* serious changes to it with respect to
> Tomcat 8.0.x. But this one seems to be tripping a lot of people up.
>
> Those who are filing bugs, etc. are quite adamant that the reason
> phrase is "required" for certain things. To be sure, the reason phrase
> will only be required by non-compliant clients, and so technically the
> client is at fault, here.
>
> I'm wondering what the wider community thinks about this change and
> whether or not we should consider reverting it for Tomcat 8.5.x.
>
> Again, please reply to the dev@ list, since that's where this
> discussion belongs. I just wanted to make sure I reached the widest
> audience possible to begin a discussion.
>
> Thanks,
> -chris
>
> [1] http://svn.apache.org/viewvc?view=revision&revision=r1702765



-- 
Best Regards!



Re: HTTP response reason phrases

Posted by Josh Soref <js...@gmail.com>.
Christopher Schultz wrote:
> I'm wondering what the wider community thinks about this change and
> whether or not we should consider reverting it for Tomcat 8.5.x.

Mark Thomas wrote:
> The root cause is non-specification compliant clients. I generally don't
> view specification non-compliance in third party code a good reason to
> make a change in Tomcat.
>
> Overall I am -0 on reverting the change for 8.5.x.

I'm not a big Tomcat contributor, but I do work on various things, and
have spent a long time working on web browsers and web standards.

I'd be a -0 at best.

A /moderately/ quick search found a server that would return a 200
with text other than "OK".
In addition to the "200 Tunnel established" that I found and linked to,
boa would occasionally spit out "HTTP/1.0 200 OK-GUNZIP" which may or
may not have been compatible with quirky clients that expect "200 OK".

Note that a well behaved client (e.g. a browser) tolerated 200
WHATEVER at the beginning of time. I can't easily go to before Gecko
moved to HG, but by then, it was certainly tolerant. And I'm fairly
confident it was by the time it was open sourced... I vaguely recall
writing web servers which had other messages, and I think I even saw
servers that did (~15 years ago).

HTTP/2 apparently doesn't include a status message (which is
presumably why Tomcat is dropping it in the first place).

Clients in the real world have to update in order to interact with
modern servers. If your client doesn't support SSL, it will soon be
unable to access most resources. If it doesn't support TLS, likewise.
If it only supports SHA1, it's in a similar boat. And of course, if
your useragent doesn't periodically update its CA list, it will
eventually not be able to connect to web servers.

I recently forced the people in my office to update Java to get
current certificates.

By forcing bad clients to fix their stuff sooner, you're doing the
world a favor.



Re: HTTP response reason phrases

Posted by Romain Manni-Bucau <rm...@gmail.com>.
2017-01-25 20:51 GMT+01:00 Christopher Schultz <chris@christopherschultz.net>:

> Romain,
>
> On 1/25/17 5:30 AM, Romain Manni-Bucau wrote:
> > 8.5 just being almost a N-1 spec version of tomcat 9 I think they should
> > stay aligned as much as possible.
>
> Yes, but 8.5 is a N+0 spec version of Tomcat 8.0. I think since Tomcat
> 8.5 is being pushed as the hurry-up upgrade for Tomcat 8.0, it should be
> more compatible with Tomcat 8.0 when there is a choice.
>
> I think Rainer articulated this better than I could.
>
>
I see (interesting to see that .5 is closer to 1 for some and to 0 for
others ;)).

However I think it doesn't change the fact it delays the issue for some time
so would be curious to see the actual issue having it configurable, if none
it is surely the best way to make everyone happy, no?


> On 1/25/17 5:09 AM, Rainer Jung wrote:
> > So given the fact that there's no workaround for people who need to
> > support clients which require a non-empty reason phrase and also that
> > our story for users of 8.0 is to migrate soon and easy to 8.5, I would
> > be +1 for a configurable option to bring back reason phrases. Default
> > would be "no reason phrases".
>
> -chris
>
>
>

Re: HTTP response reason phrases

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Romain,

On 1/25/17 5:30 AM, Romain Manni-Bucau wrote:
> 8.5 just being almost a N-1 spec version of tomcat 9 I think they should
> stay aligned as much as possible.

Yes, but 8.5 is a N+0 spec version of Tomcat 8.0. I think since Tomcat
8.5 is being pushed as the hurry-up upgrade for Tomcat 8.0, it should be
more compatible with Tomcat 8.0 when there is a choice.

I think Rainer articulated this better than I could.

On 1/25/17 5:09 AM, Rainer Jung wrote:
> So given the fact that there's no workaround for people who need to
> support clients which require a non-empty reason phrase and also that
> our story for users of 8.0 is to migrate soon and easy to 8.5, I would
> be +1 for a configurable option to bring back reason phrases. Default
> would be "no reason phrases".

-chris



Re: HTTP response reason phrases

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi guys,

8.5 just being almost a N-1 spec version of tomcat 9 I think they should
stay aligned as much as possible. Also note that fixing it in 8.5 will just
delay the issue for 9.x. I'm not sure I see the blocking point to add a
configuration for that (agree it is not spec compliant but it is a nice
feature for broken clients which are widely spread in some languages) but
please keep 8.5 and 9 aligned since migrations are expected (and are)
smooth for now.


Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
<https://javaeefactory-rmannibucau.rhcloud.com>

2017-01-25 11:27 GMT+01:00 Rainer Jung <ra...@kippdata.de>:

> On 25.01.2017 at 11:09, Rainer Jung wrote:
>
>> On 24.01.2017 at 21:03, Mark Thomas wrote:
>>
>>> On 24/01/2017 19:08, Christopher Schultz wrote:
>>>
>>>> I'm wondering what the wider community thinks about this change and
>>>> whether or not we should consider reverting it for Tomcat 8.5.x.
>>>>
>>>
>>> 8.5.x has been out for 10 months and stable for 7. It is probably still
>>> early enough that we are seeing issues from the early adopters. We
>>> might, therefore, see more issues moving forwards.
>>>
>>> This change is listed in the change-log for 8.5.0.
>>>
>>> The root cause is non-specification compliant clients. I generally don't
>>> view specification non-compliance in third party code a good reason to
>>> make a change in Tomcat.
>>>
>>> Overall I am -0 on reverting the change for 8.5.x.
>>>
>>
>> For 8.5 we should be aware of the fact, that 8.5 was meant as a quick
>> replacement for 8.0 with a reduced support time for 8.0. We also used
>> wording like "superseded" on the "Which version" page and probably the
>> overall impression is people should soon switch from 8.0 to 8.5 and the
>> switch is an easy one to do as long as you do not start to use the new
>> features.
>>
>> Dropping the reason phrase probably is mostly motivated by the new
>> language "A client SHOULD ignore the reason-phrase content." in RFC 7230
>> section 3.1.2. Although also the older RFC 2616 already allowed an empty
>> reason phrase "Reason-Phrase  = *<TEXT, excluding CR, LF>" the language
>> was less strict: "The client is not required to examine or display the
>> Reason-Phrase.".
>>
>> IMHO it was only later that servers actually started to drop the reason
>> phrase to save a few bytes. Originally it was deemed useful as the old
>> spec states "The Reason-Phrase is intended to give a short textual
>> description of the Status-Code. The ... Reason-Phrase is intended for
>> the human user."
>>
>> The compatibility break with clients who do not conform to the newer
>> http spec and instead demand the reason phrase will break any
>> communication with them. It is not a "be strict in what you send"
>> situation for us as a server, because the spec does not require us to
>> send an empty reason phrase.
>>
>> So given the fact that there's no workaround for people who need to
>> support clients which require a non-empty reason phrase and also that
>> our story for users of 8.0 is to migrate soon and easy to 8.5, I would
>> be +1 for a configurable option to bring back reason phrases. Default
>> would be "no reason phrases".
>>
>
> I forgot: an option only for 8.5. Dropping it in 9.0 is fine for me.
>

Re: HTTP response reason phrases

Posted by Rainer Jung <ra...@kippdata.de>.
On 25.01.2017 at 11:09, Rainer Jung wrote:
> On 24.01.2017 at 21:03, Mark Thomas wrote:
>> On 24/01/2017 19:08, Christopher Schultz wrote:
>>
>>> I'm wondering what the wider community thinks about this change and
>>> whether or not we should consider reverting it for Tomcat 8.5.x.
>>
>> 8.5.x has been out for 10 months and stable for 7. It is probably still
>> early enough that we are seeing issues from the early adopters. We
>> might, therefore, see more issues moving forwards.
>>
>> This change is listed in the change-log for 8.5.0.
>>
>> The root cause is non-specification compliant clients. I generally don't
>> view specification non-compliance in third party code a good reason to
>> make a change in Tomcat.
>>
>> Overall I am -0 on reverting the change for 8.5.x.
>
> For 8.5 we should be aware of the fact, that 8.5 was meant as a quick
> replacement for 8.0 with a reduced support time for 8.0. We also used
> wording like "superseded" on the "Which version" page and probably the
> overall impression is people should soon switch from 8.0 to 8.5 and the
> switch is an easy one to do as long as you do not start to use the new
> features.
>
> Dropping the reason phrase probably is mostly motivated by the new
> language "A client SHOULD ignore the reason-phrase content." in RFC 7230
> section 3.1.2. Although also the older RFC 2616 already allowed an empty
> reason phrase "Reason-Phrase  = *<TEXT, excluding CR, LF>" the language
> was less strict: "The client is not required to examine or display the
> Reason-Phrase.".
>
> IMHO it was only later that servers actually started to drop the reason
> phrase to save a few bytes. Originally it was deemed useful as the old
> spec states "The Reason-Phrase is intended to give a short textual
> description of the Status-Code. The ... Reason-Phrase is intended for
> the human user."
>
> The compatibility break with clients who do not conform to the newer
> http spec and instead demand the reason phrase will break any
> communication with them. It is not a "be strict in what you send"
> situation for us as a server, because the spec does not require us to
> send an empty reason phrase.
>
> So given the fact that there's no workaround for people who need to
> support clients which require a non-empty reason phrase and also that
> our story for users of 8.0 is to migrate soon and easy to 8.5, I would
> be +1 for a configurable option to bring back reason phrases. Default
> would be "no reason phrases".

I forgot: an option only for 8.5. Dropping it in 9.0 is fine for me.



Re: HTTP response reason phrases

Posted by Josh Soref <js...@gmail.com>.
Rainer Jung wrote:
> the old spec states "The Reason-Phrase is intended to give a short textual
> description of the Status-Code.
> The ... Reason-Phrase is intended for the human user."

"human user" should be a pretty big clue that a UA should not be using
it to make any decisions.
Any UA that made decisions based on this field is totally broken. It
doesn't say "Reason-Phrase is intended for the UA".

As someone who is currently working on dragging clients into the
future, and who has seen all the cruft the web has accumulated because
we've tried to be nice to broken clients, I'm happy when servers break
clients and force them to upgrade. On average if those clients got
this wrong, they probably are also sufficiently old as to have
security vulnerabilities and should be updated (or replaced) anyway.

That said, this isn't an advocacy list, and I've already expressed my
preference. But wearing a Spec hat, and wearing a W3C hat, and wearing
a hat as someone who proofreads RFCs, the UA in question is in the
wrong.



Re: HTTP response reason phrases

Posted by Rainer Jung <ra...@kippdata.de>.
On 24.01.2017 at 21:03, Mark Thomas wrote:
> On 24/01/2017 19:08, Christopher Schultz wrote:
>
>> I'm wondering what the wider community thinks about this change and
>> whether or not we should consider reverting it for Tomcat 8.5.x.
>
> 8.5.x has been out for 10 months and stable for 7. It is probably still
> early enough that we are seeing issues from the early adopters. We
> might, therefore, see more issues moving forwards.
>
> This change is listed in the change-log for 8.5.0.
>
> The root cause is non-specification compliant clients. I generally don't
> view specification non-compliance in third party code a good reason to
> make a change in Tomcat.
>
> Overall I am -0 on reverting the change for 8.5.x.

For 8.5 we should be aware of the fact, that 8.5 was meant as a quick 
replacement for 8.0 with a reduced support time for 8.0. We also used 
wording like "superseded" on the "Which version" page and probably the 
overall impression is people should soon switch from 8.0 to 8.5 and the 
switch is an easy one to do as long as you do not start to use the new 
features.

Dropping the reason phrase probably is mostly motivated by the new 
language "A client SHOULD ignore the reason-phrase content." in RFC 7230 
section 3.1.2. Although also the older RFC 2616 already allowed an empty 
reason phrase "Reason-Phrase  = *<TEXT, excluding CR, LF>" the language 
was less strict: "The client is not required to examine or display the 
Reason-Phrase.".

IMHO it was only later that servers actually started to drop the reason 
phrase to save a few bytes. Originally it was deemed useful as the old 
spec states "The Reason-Phrase is intended to give a short textual 
description of the Status-Code. The ... Reason-Phrase is intended for 
the human user."

The compatibility break with clients who do not conform to the newer 
http spec and instead demand the reason phrase will break any 
communication with them. It is not a "be strict in what you send" 
situation for us as a server, because the spec does not require us to 
send an empty reason phrase.

So given the fact that there's no workaround for people who need to 
support clients which require a non-empty reason phrase and also that 
our story for users of 8.0 is to migrate soon and easy to 8.5, I would 
be +1 for a configurable option to bring back reason phrases. Default 
would be "no reason phrases".

Regards,

Rainer
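
Added example, not part of the original thread and not Tomcat or client code: a status-line parser that follows the RFC 7230 section 3.1.2 grammar cited above (empty reason phrase allowed, CR/LF never part of it) and decides on the status code alone, next to a hypothetical brittle client check of the kind the thread describes. The function names, the brittle model and the sample lines are constructed for illustration; the two non-"OK" phrases are the ones quoted in the thread.

```python
import re

# RFC 7230 section 3.1.2 grammar:
#   status-line   = HTTP-version SP status-code SP reason-phrase CRLF
#   reason-phrase = *( HTAB / SP / VCHAR / obs-text )
# The reason phrase may be empty; CR and LF are never part of it.
STATUS_LINE = re.compile(
    rb"\AHTTP/(\d)\.(\d) (\d{3}) ([\t \x21-\x7e\x80-\xff]*)\r\n\Z"
)


class StatusLineError(ValueError):
    """Raised when a status line does not match the RFC 7230 grammar."""


def parse_status_line(raw: bytes):
    """Return ((major, minor), status_code, reason_phrase) for one status line."""
    m = STATUS_LINE.match(raw)
    if m is None:
        raise StatusLineError(f"malformed status line: {raw!r}")
    major, minor, code, reason = m.groups()
    return (int(major), int(minor)), int(code), reason.decode("latin-1")


def is_well_formed(raw: bytes) -> bool:
    """True if the line matches the strict grammar (no stray CR/LF, SP present)."""
    try:
        parse_status_line(raw)
    except StatusLineError:
        return False
    return True


def is_success(raw: bytes) -> bool:
    """Compliant client: decide on the status code only, ignore the phrase."""
    _, code, _ = parse_status_line(raw)
    return 200 <= code <= 299


def brittle_is_success(raw: bytes) -> bool:
    """Hypothetical non-compliant client that insists on the text "200 OK"."""
    parts = raw.rstrip(b"\r\n").split(b" ", 2)
    return len(parts) == 3 and parts[1] == b"200" and parts[2] == b"OK"


# Constructed sample status lines (not captured traffic).
SAMPLES = [
    b"HTTP/1.1 200 OK\r\n",
    b"HTTP/1.1 200 \r\n",                    # empty reason phrase
    b"HTTP/1.0 200 OK-GUNZIP\r\n",           # phrase quoted in the thread
    b"HTTP/1.1 200 Tunnel established\r\n",  # phrase quoted in the thread
    b"HTTP/1.1 404 \r\n",
]


def compare(samples=SAMPLES):
    """Return (code, reason, compliant verdict, brittle verdict) per sample."""
    rows = []
    for raw in samples:
        _, code, reason = parse_status_line(raw)
        rows.append((code, reason, is_success(raw), brittle_is_success(raw)))
    return rows


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The parser is deliberately strict: a line without the SP after the status code, or with a bare CR inside the phrase, is rejected rather than guessed at.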



Re: HTTP response reason phrases

Posted by Mark Thomas <ma...@apache.org>.
On 24/01/2017 19:08, Christopher Schultz wrote:

> I'm wondering what the wider community thinks about this change and
> whether or not we should consider reverting it for Tomcat 8.5.x.

8.5.x has been out for 10 months and stable for 7. It is probably still
early enough that we are seeing issues from the early adopters. We
might, therefore, see more issues moving forwards.

This change is listed in the change-log for 8.5.0.

The root cause is non-specification compliant clients. I generally don't
view specification non-compliance in third party code a good reason to
make a change in Tomcat.

Overall I am -0 on reverting the change for 8.5.x.

Mark
