gmshake commented on code in PR #501: URL: https://github.com/apache/tomcat/pull/501#discussion_r847041315
########## java/org/apache/coyote/http11/AbstractHttp11Protocol.java: ########## @@ -244,6 +244,34 @@ public void setMaxSavePostSize(int maxSavePostSize) { public void setMaxHttpHeaderSize(int valueI) { maxHttpHeaderSize = valueI; } + /** + * Maximum size of the HTTP request message header. + */ + private int maxHttpRequestHeaderSize = -1; Review Comment: Keep `getMaxHttpHeaderSize()` only preserves API level compatibility, the semantic of `getMaxHttpHeaderSize()` has change once we introduce dedicated header settings for request and response. To illustrate the semantic change: ```java setMaxHttpHeaderSize(4096); setMaxHttpRequestHeaderSize(8192); setMaxHttpResponseHeaderSize(16384); ``` Then `getMaxHttpHeaderSize()` make no sense except the only meaning "default maxHttpHeaderSize" Maybe it is deprecate `getMaxHttpHeaderSize()` and return a size that is not too bad: ```java public int getMaxHttpHeaderSize() { return Math.min(maxHttpRequestHeaderSize, maxHttpResponseHeaderSize) } ``` I still insist that semantic level compatibility is more important than API level compatibility. For `setMaxHttpHeaderSize()` it originally means set maximum size of the HTTP message header for both request and response. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org