This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 95c4397a6a Deprecate allowHostHeaderMismatch and rejectIllegalHeader
95c4397a6a is described below
commit 95c4397a6a6cde74dc9d34ed484794374abe9ad4
Author: Mark Thomas <[email protected]>
AuthorDate: Tue May 2 17:15:21 2023 +0100
Deprecate allowHostHeaderMismatch and rejectIllegalHeader
---
.../coyote/http11/AbstractHttp11Protocol.java | 26 +++++++++++++++++-----
java/org/apache/coyote/http11/Http11Processor.java | 1 +
webapps/docs/changelog.xml | 5 +++++
webapps/docs/config/http.xml | 10 +++++++--
4 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
index 2b1d75b124..0e76f4d2fe 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -58,7 +58,7 @@ public abstract class AbstractHttp11Protocol<S> extends
AbstractProtocol<S> {
private final CompressionConfig compressionConfig = new
CompressionConfig();
- public AbstractHttp11Protocol(AbstractEndpoint<S, ?> endpoint) {
+ public AbstractHttp11Protocol(AbstractEndpoint<S,?> endpoint) {
super(endpoint);
setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
}
@@ -116,7 +116,7 @@ public abstract class AbstractHttp11Protocol<S> extends
AbstractProtocol<S> {
* Over-ridden here to make the method visible to nested classes.
*/
@Override
- protected AbstractEndpoint<S, ?> getEndpoint() {
+ protected AbstractEndpoint<S,?> getEndpoint() {
return super.getEndpoint();
}
@@ -179,7 +179,11 @@ public abstract class AbstractHttp11Protocol<S> extends
AbstractProtocol<S> {
* the request line?
*
* @return {@code true} if Tomcat will allow such requests, otherwise
{@code false}
+ *
+ * @deprecated This will removed in Tomcat 11 onwards where {@code
allowHostHeaderMismatch} will be hard-coded to
+ * {@code false}.
*/
+ @Deprecated
public boolean getAllowHostHeaderMismatch() {
return allowHostHeaderMismatch;
}
@@ -189,7 +193,11 @@ public abstract class AbstractHttp11Protocol<S> extends
AbstractProtocol<S> {
* the request line?
*
* @param allowHostHeaderMismatch {@code true} to allow such requests,
{@code false} to reject them with a 400
+ *
+ * @deprecated This will removed in Tomcat 11 onwards where {@code
allowHostHeaderMismatch} will be hard-coded to
+ * {@code false}.
*/
+ @Deprecated
public void setAllowHostHeaderMismatch(boolean allowHostHeaderMismatch) {
this.allowHostHeaderMismatch = allowHostHeaderMismatch;
}
@@ -202,7 +210,11 @@ public abstract class AbstractHttp11Protocol<S> extends
AbstractProtocol<S> {
* token) will the request be rejected (with a 400 response) or will the
illegal header be ignored?
*
* @return {@code true} if the request will be rejected or {@code false}
if the header will be ignored
+ *
+ * @deprecated This will removed in Tomcat 11 onwards where {@code
allowHostHeaderMismatch} will be hard-coded to
+ * {@code true}.
*/
+ @Deprecated
public boolean getRejectIllegalHeader() {
return rejectIllegalHeader;
}
@@ -213,7 +225,11 @@ public abstract class AbstractHttp11Protocol<S> extends
AbstractProtocol<S> {
*
* @param rejectIllegalHeader {@code true} to reject requests with illegal
header names or values, {@code false} to
* ignore the header
+ *
+ * @deprecated This will removed in Tomcat 11 onwards where {@code
allowHostHeaderMismatch} will be hard-coded to
+ * {@code true}.
*/
+ @Deprecated
public void setRejectIllegalHeader(boolean rejectIllegalHeader) {
this.rejectIllegalHeader = rejectIllegalHeader;
}
@@ -613,11 +629,11 @@ public abstract class AbstractHttp11Protocol<S> extends
AbstractProtocol<S> {
/**
* The protocols that are available via internal Tomcat support for access
via HTTP upgrade.
*/
- private final Map<String, UpgradeProtocol> httpUpgradeProtocols = new
HashMap<>();
+ private final Map<String,UpgradeProtocol> httpUpgradeProtocols = new
HashMap<>();
/**
* The protocols that are available via internal Tomcat support for access
via ALPN negotiation.
*/
- private final Map<String, UpgradeProtocol> negotiatedProtocols = new
HashMap<>();
+ private final Map<String,UpgradeProtocol> negotiatedProtocols = new
HashMap<>();
private void configureUpgradeProtocol(UpgradeProtocol upgradeProtocol) {
// HTTP Upgrade
@@ -668,7 +684,7 @@ public abstract class AbstractHttp11Protocol<S> extends
AbstractProtocol<S> {
* {@code UpgradeProtocol}. To enable basic statistics to be made
available for these protocols, a map of protocol
* name to {@link UpgradeGroupInfo} instances is maintained here.
*/
- private final Map<String, UpgradeGroupInfo> upgradeProtocolGroupInfos =
new ConcurrentHashMap<>();
+ private final Map<String,UpgradeGroupInfo> upgradeProtocolGroupInfos = new
ConcurrentHashMap<>();
public UpgradeGroupInfo getUpgradeGroupInfo(String upgradeProtocol) {
if (upgradeProtocol == null) {
diff --git a/java/org/apache/coyote/http11/Http11Processor.java
b/java/org/apache/coyote/http11/Http11Processor.java
index 748bf74323..b8705441e8 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -849,6 +849,7 @@ public class Http11Processor extends AbstractProcessor {
/**
* After reading the request headers, we have to setup the request filters.
*/
+ @SuppressWarnings("deprecation")
private void prepareRequest() throws IOException {
if (endpoint.isSSLEnabled()) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 96acee79fe..e0fb10ed2a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -158,6 +158,11 @@
Fix an edge case in HTTP header parsing and ensure that HTTP headers
without names are treated as invalid. (markt)
</fix>
+ <update>
+ Deprecate the HTTP Connector settings <code>rejectIllegalHeader</code>
+ and <code>allowHostHeaderMismatch</code> as they have been removed in
+ Tomcat 11 onwards. (markt)
+ </update>
</changelog>
</subsection>
<subsection name="Jasper">
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 11f660d6cc..6edee2ad81 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -345,7 +345,10 @@
<p>By default Tomcat will reject requests that specify a host in the
request line but specify a different host in the host header. This
check can be disabled by setting this attribute to <code>true</code>. If
- not specified, the default is <code>false</code>.</p>
+ not specified, the default is <code>false</code>.
+ <br/>
+ This setting will be removed in Tomcat 11 onwards where it will be
+ hard-coded to <code>false</code>.</p>
</attribute>
<attribute name="allowedTrailerHeaders" required="false">
@@ -632,7 +635,10 @@
value (e.g. the header name is not a token) this setting determines if
the
request will be rejected with a 400 response (<code>true</code>) or if
the
illegal header be ignored (<code>false</code>). The default value is
- <code>true</code> which will cause the request to be rejected.</p>
+ <code>true</code> which will cause the request to be rejected.
+ <br/>
+ This setting will be removed in Tomcat 11 onwards where it will be
+ hard-coded to <code>true</code>.</p>
</attribute>
<attribute name="rejectIllegalHeaderName" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
