You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/05/02 16:15:36 UTC
[tomcat] branch main updated: Deprecate allowHostHeaderMismatch and rejectIllegalHeader
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 7f9b449196 Deprecate allowHostHeaderMismatch and rejectIllegalHeader
7f9b449196 is described below
commit 7f9b449196f5be579127c179e0cc474179c8bd46
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 2 17:15:21 2023 +0100
Deprecate allowHostHeaderMismatch and rejectIllegalHeader
---
.../coyote/http11/AbstractHttp11Protocol.java | 26 +++++++++++++++++-----
webapps/docs/config/http.xml | 10 +++++++--
2 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
index 9ffaeb0c93..e31fbb25a2 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -60,7 +60,7 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
private final CompressionConfig compressionConfig = new CompressionConfig();
- public AbstractHttp11Protocol(AbstractEndpoint<S, ?> endpoint) {
+ public AbstractHttp11Protocol(AbstractEndpoint<S,?> endpoint) {
super(endpoint);
setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
}
@@ -116,7 +116,7 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
* Over-ridden here to make the method visible to nested classes.
*/
@Override
- protected AbstractEndpoint<S, ?> getEndpoint() {
+ protected AbstractEndpoint<S,?> getEndpoint() {
return super.getEndpoint();
}
@@ -179,7 +179,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
* the request line?
*
* @return {@code true} if Tomcat will allow such requests, otherwise {@code false}
+ *
+ * @deprecated This will removed in Tomcat 11 onwards where {@code allowHostHeaderMismatch} will be hard-coded to
+ * {@code false}.
*/
+ @Deprecated
public boolean getAllowHostHeaderMismatch() {
return allowHostHeaderMismatch;
}
@@ -189,7 +193,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
* the request line?
*
* @param allowHostHeaderMismatch {@code true} to allow such requests, {@code false} to reject them with a 400
+ *
+ * @deprecated This will removed in Tomcat 11 onwards where {@code allowHostHeaderMismatch} will be hard-coded to
+ * {@code false}.
*/
+ @Deprecated
public void setAllowHostHeaderMismatch(boolean allowHostHeaderMismatch) {
this.allowHostHeaderMismatch = allowHostHeaderMismatch;
}
@@ -202,7 +210,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
* token) will the request be rejected (with a 400 response) or will the illegal header be ignored?
*
* @return {@code true} if the request will be rejected or {@code false} if the header will be ignored
+ *
+ * @deprecated This will removed in Tomcat 11 onwards where {@code allowHostHeaderMismatch} will be hard-coded to
+ * {@code true}.
*/
+ @Deprecated
public boolean getRejectIllegalHeader() {
return rejectIllegalHeader;
}
@@ -213,7 +225,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
*
* @param rejectIllegalHeader {@code true} to reject requests with illegal header names or values, {@code false} to
* ignore the header
+ *
+ * @deprecated This will removed in Tomcat 11 onwards where {@code allowHostHeaderMismatch} will be hard-coded to
+ * {@code true}.
*/
+ @Deprecated
public void setRejectIllegalHeader(boolean rejectIllegalHeader) {
this.rejectIllegalHeader = rejectIllegalHeader;
}
@@ -578,11 +594,11 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
/**
* The protocols that are available via internal Tomcat support for access via HTTP upgrade.
*/
- private final Map<String, UpgradeProtocol> httpUpgradeProtocols = new HashMap<>();
+ private final Map<String,UpgradeProtocol> httpUpgradeProtocols = new HashMap<>();
/**
* The protocols that are available via internal Tomcat support for access via ALPN negotiation.
*/
- private final Map<String, UpgradeProtocol> negotiatedProtocols = new HashMap<>();
+ private final Map<String,UpgradeProtocol> negotiatedProtocols = new HashMap<>();
private void configureUpgradeProtocol(UpgradeProtocol upgradeProtocol) {
// HTTP Upgrade
@@ -634,7 +650,7 @@ public abstract class AbstractHttp11Protocol<S> extends AbstractProtocol<S> {
* To enable basic statistics to be made available for these protocols, a map of protocol name to
* {@link UpgradeGroupInfo} instances is maintained here.
*/
- private final Map<String, UpgradeGroupInfo> upgradeProtocolGroupInfos = new ConcurrentHashMap<>();
+ private final Map<String,UpgradeGroupInfo> upgradeProtocolGroupInfos = new ConcurrentHashMap<>();
public UpgradeGroupInfo getUpgradeGroupInfo(String upgradeProtocol) {
if (upgradeProtocol == null) {
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 928d96f3f4..236cde03a4 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -343,7 +343,10 @@
<p>By default Tomcat will reject requests that specify a host in the
request line but specify a different host in the host header. This
check can be disabled by setting this attribute to <code>true</code>. If
- not specified, the default is <code>false</code>.</p>
+ not specified, the default is <code>false</code>.
+ <br/>
+ This setting will be removed in Tomcat 11 onwards where it will be
+ hard-coded to <code>false</code>.</p>
</attribute>
<attribute name="allowedTrailerHeaders" required="false">
@@ -617,7 +620,10 @@
value (e.g. the header name is not a token) this setting determines if the
request will be rejected with a 400 response (<code>true</code>) or if the
illegal header be ignored (<code>false</code>). The default value is
- <code>true</code> which will cause the request to be rejected.</p>
+ <code>true</code> which will cause the request to be rejected.
+ <br/>
+ This setting will be removed in Tomcat 11 onwards where it will be
+ hard-coded to <code>true</code>.</p>
</attribute>
<attribute name="relaxedPathChars" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org