https://bz.apache.org/bugzilla/show_bug.cgi?id=64144
Bug ID: 64144 Summary: Add an option for rejecting requests that have both CL and TE Product: Tomcat 9 Version: 9.0.x Hardware: PC OS: Mac OS X 10.1 Status: NEW Severity: normal Priority: P2 Component: Connectors Assignee: dev@tomcat.apache.org Reporter: violet...@apache.org Target Milestone: ----- According https://tools.ietf.org/html/rfc7230#section-3.3.3 If a message is received with both a TE and a CL header field, the TE overrides the CL. Such a message might indicate an attempt to perform an attack and ought to be handled as an error. This feature request is for adding an option for rejecting requests that have both CL and TE so that Tomcat is protected against misbehaving third-party components. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org