You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/05/02 16:15:36 UTC

[tomcat] branch main updated: Deprecate allowHostHeaderMismatch and rejectIllegalHeader

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 7f9b449196 Deprecate allowHostHeaderMismatch and rejectIllegalHeader
7f9b449196 is described below

commit 7f9b449196f5be579127c179e0cc474179c8bd46
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 2 17:15:21 2023 +0100

    Deprecate allowHostHeaderMismatch and rejectIllegalHeader
---
 .../coyote/http11/AbstractHttp11Protocol.java      | 26 +++++++++++++++++-----
 webapps/docs/config/http.xml                       | 10 +++++++--
 2 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
index 9ffaeb0c93..e31fbb25a2 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -60,7 +60,7 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
     private final CompressionConfig compressionConfig = new CompressionConfig();
 
 
-    public AbstractHttp11Protocol(AbstractEndpoint<S, ?> endpoint) {
+    public AbstractHttp11Protocol(AbstractEndpoint<S,?> endpoint) {
         super(endpoint);
         setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
     }
@@ -116,7 +116,7 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
      * Over-ridden here to make the method visible to nested classes.
      */
     @Override
-    protected AbstractEndpoint<S, ?> getEndpoint() {
+    protected AbstractEndpoint<S,?> getEndpoint() {
         return super.getEndpoint();
     }
 
@@ -179,7 +179,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
      * the request line?
      *
      * @return {@code true} if Tomcat will allow such requests, otherwise {@code false}
+     *
+     * @deprecated This will removed in Tomcat 11 onwards where {@code allowHostHeaderMismatch} will be hard-coded to
+     *                 {@code false}.
      */
+    @Deprecated
     public boolean getAllowHostHeaderMismatch() {
         return allowHostHeaderMismatch;
     }
@@ -189,7 +193,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
      * the request line?
      *
      * @param allowHostHeaderMismatch {@code true} to allow such requests, {@code false} to reject them with a 400
+     *
+     * @deprecated This will removed in Tomcat 11 onwards where {@code allowHostHeaderMismatch} will be hard-coded to
+     *                 {@code false}.
      */
+    @Deprecated
     public void setAllowHostHeaderMismatch(boolean allowHostHeaderMismatch) {
         this.allowHostHeaderMismatch = allowHostHeaderMismatch;
     }
@@ -202,7 +210,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
      * token) will the request be rejected (with a 400 response) or will the illegal header be ignored?
      *
      * @return {@code true} if the request will be rejected or {@code false} if the header will be ignored
+     *
+     * @deprecated This will removed in Tomcat 11 onwards where {@code allowHostHeaderMismatch} will be hard-coded to
+     *                 {@code true}.
      */
+    @Deprecated
     public boolean getRejectIllegalHeader() {
         return rejectIllegalHeader;
     }
@@ -213,7 +225,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
      *
      * @param rejectIllegalHeader {@code true} to reject requests with illegal header names or values, {@code false} to
      *                                ignore the header
+     *
+     * @deprecated This will removed in Tomcat 11 onwards where {@code allowHostHeaderMismatch} will be hard-coded to
+     *                 {@code true}.
      */
+    @Deprecated
     public void setRejectIllegalHeader(boolean rejectIllegalHeader) {
         this.rejectIllegalHeader = rejectIllegalHeader;
     }
@@ -578,11 +594,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
     /**
      * The protocols that are available via internal Tomcat support for access via HTTP upgrade.
      */
-    private final Map<String, UpgradeProtocol> httpUpgradeProtocols = new HashMap<>();
+    private final Map<String,UpgradeProtocol> httpUpgradeProtocols = new HashMap<>();
     /**
      * The protocols that are available via internal Tomcat support for access via ALPN negotiation.
      */
-    private final Map<String, UpgradeProtocol> negotiatedProtocols = new HashMap<>();
+    private final Map<String,UpgradeProtocol> negotiatedProtocols = new HashMap<>();
 
     private void configureUpgradeProtocol(UpgradeProtocol upgradeProtocol) {
         // HTTP Upgrade
@@ -634,7 +650,7 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
      * To enable basic statistics to be made available for these protocols, a map of protocol name to
      * {@link UpgradeGroupInfo} instances is maintained here.
      */
-    private final Map<String, UpgradeGroupInfo> upgradeProtocolGroupInfos = new ConcurrentHashMap<>();
+    private final Map<String,UpgradeGroupInfo> upgradeProtocolGroupInfos = new ConcurrentHashMap<>();
 
     public UpgradeGroupInfo getUpgradeGroupInfo(String upgradeProtocol) {
         if (upgradeProtocol == null) {
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 928d96f3f4..236cde03a4 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -343,7 +343,10 @@
       <p>By default Tomcat will reject requests that specify a host in the
       request line but specify a different host in the host header. This
       check can be disabled by setting this attribute to <code>true</code>. If
-      not specified, the default is <code>false</code>.</p>
+      not specified, the default is <code>false</code>.
+      <br/>
+      This setting will be removed in Tomcat 11 onwards where it will be
+      hard-coded to <code>false</code>.</p>
     </attribute>
 
     <attribute name="allowedTrailerHeaders" required="false">
@@ -617,7 +620,10 @@
       value (e.g. the header name is not a token) this setting determines if the
       request will be rejected with a 400 response (<code>true</code>) or if the
       illegal header be ignored (<code>false</code>). The default value is
-      <code>true</code> which will cause the request to be rejected.</p>
+      <code>true</code> which will cause the request to be rejected.
+      <br/>
+      This setting will be removed in Tomcat 11 onwards where it will be
+      hard-coded to <code>true</code>.</p>
     </attribute>
 
     <attribute name="relaxedPathChars" required="false">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org