Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Romain Manni-Bucau
+1, out of curiosity, cant rewrite valve help somehow? Le jeu. 4 févr. 2021 à 19:11, Mark Thomas a écrit : > On 04/02/2021 17:56, Romain Manni-Bucau wrote: > > I always fixed it by a filter until now. > > What about adding a filter in tomcat and if users complain move to > another > > solution?

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Mark Thomas
On 04/02/2021 17:56, Romain Manni-Bucau wrote: > I always fixed it by a filter until now. > What about adding a filter in tomcat and if users complain move to another > solution? Can even be marked @Alpha for a few I guess. We have been talking about a ModHeadersFilter for quite some time. This

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Romain Manni-Bucau
I always fixed it by a filter until now. What about adding a filter in tomcat and if users complain move to another solution? Can even be marked @Alpha for a few I guess. Romain Manni-Bucau @rmannibucau | Blog | Old Blog

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Mark Thomas
On 04/02/2021 16:37, Romain Manni-Bucau wrote: > (if it helps) From what I saw which was close to that it was due to the > current microservice erea where it is very common to have poor man proxies > coded in java/tomcat and forwarding all headers of a HTTP request, this is > not uncommon and will

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Michael Osipov
Am 2021-02-04 um 17:36 schrieb Rémy Maucherat: On Thu, Feb 4, 2021 at 5:31 PM Michael Osipov wrote: Am 2021-02-03 um 13:03 schrieb Mark Thomas: Hi all, We have an open PR related to this for HTTP/2 (#277) and I am seeing related issues at $work with HTTP. In short, applications are doing

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Romain Manni-Bucau
(if it helps) From what I saw which was close to that it was due to the current microservice erea where it is very common to have poor man proxies coded in java/tomcat and forwarding all headers of a HTTP request, this is not uncommon and will even work on some containers (and always in bad tests

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Rémy Maucherat
On Thu, Feb 4, 2021 at 5:31 PM Michael Osipov wrote: > Am 2021-02-03 um 13:03 schrieb Mark Thomas: > > Hi all, > > > > We have an open PR related to this for HTTP/2 (#277) and I am seeing > > related issues at $work with HTTP. > > > > In short, applications are doing things like: > > > >

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Michael Osipov
Am 2021-02-03 um 13:03 schrieb Mark Thomas: Hi all, We have an open PR related to this for HTTP/2 (#277) and I am seeing related issues at $work with HTTP. In short, applications are doing things like: response.setHeader("Transfer-Encoding", "chunked"); which, as you'd expect is causing

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Mark Thomas
On 04/02/2021 15:33, Christopher Schultz wrote: > Mark, > > On 2/4/21 8:52 AM, Mark Thomas wrote: >> On 04/02/2021 13:28, Christopher Schultz wrote: >>> I think this should be done in a Valve that is enabled by default, but >>> can be disabled, rendering zero penalty for "well-behaved"

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Christopher Schultz
Mark, On 2/4/21 8:52 AM, Mark Thomas wrote: > On 04/02/2021 13:28, Christopher Schultz wrote: >> I think this should be done in a Valve that is enabled by default, but >> can be disabled, rendering zero penalty for "well-behaved" applications. >> The Valve can simply wrap the response with a

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Mark Thomas
On 04/02/2021 13:28, Christopher Schultz wrote: > I think this should be done in a Valve that is enabled by default, but > can be disabled, rendering zero penalty for "well-behaved" applications. > The Valve can simply wrap the response with a wrapper that either prints > an error to the log

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Christopher Schultz
Mark, On 2/3/21 07:03, Mark Thomas wrote: Hi all, We have an open PR related to this for HTTP/2 (#277) and I am seeing related issues at $work with HTTP. In short, applications are doing things like: response.setHeader("Transfer-Encoding", "chunked"); which, as you'd expect is causing

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Romain Manni-Bucau
Le jeu. 4 févr. 2021 à 11:09, Mark Thomas a écrit : > Responses in line: > > On 03/02/2021 19:55, Raymond Auge wrote: > > What about an integration point that acts as a passthrough to such > changes > > that let you "monitor" and/or "defend" against these operations (using > > whatever policy

Re: Applications setting connection specific HTTP headers

2021-02-04 Thread Mark Thomas
Responses in line: On 03/02/2021 19:55, Raymond Auge wrote: > What about an integration point that acts as a passthrough to such changes > that let you "monitor" and/or "defend" against these operations (using > whatever policy you wish). > The default would be no-op. That certainly provides

Re: Applications setting connection specific HTTP headers

2021-02-03 Thread Raymond Auge
What about an integration point that acts as a passthrough to such changes that let you "monitor" and/or "defend" against these operations (using whatever policy you wish). The default would be no-op. - Ray On Wed, Feb 3, 2021 at 11:15 AM Romain Manni-Bucau wrote: > Le mer. 3 févr. 2021 à

Re: Applications setting connection specific HTTP headers

2021-02-03 Thread Romain Manni-Bucau
Le mer. 3 févr. 2021 à 17:10, Mark Thomas a écrit : > On 03/02/2021 16:06, Romain Manni-Bucau wrote: > > Hi, > > > > Why not just adding a tomcat-application-fixer module (a more ugly name > can > > be relevant ;)) application could add in their WEB-INF/lib through web > > resource definition

Re: Applications setting connection specific HTTP headers

2021-02-03 Thread Mark Thomas
On 03/02/2021 16:06, Romain Manni-Bucau wrote: > Hi, > > Why not just adding a tomcat-application-fixer module (a more ugly name can > be relevant ;)) application could add in their WEB-INF/lib through web > resource definition (ie plain context.xml config or programmatic > equivalent) which

Re: Applications setting connection specific HTTP headers

2021-02-03 Thread Mark Thomas
On 03/02/2021 15:50, Rémy Maucherat wrote: > On Wed, Feb 3, 2021 at 1:03 PM Mark Thomas wrote: >> I'm still considering what might be the best way to fix this. Hence the >> brain dump above. Thoughts? > > There has been some debate about this before, and you did add quite a bit > of code to

Re: Applications setting connection specific HTTP headers

2021-02-03 Thread Romain Manni-Bucau
Hi, Why not just adding a tomcat-application-fixer module (a more ugly name can be relevant ;)) application could add in their WEB-INF/lib through web resource definition (ie plain context.xml config or programmatic equivalent) which would have a @WebFilter(/*, asyncSupported=true) which would

Re: Applications setting connection specific HTTP headers

2021-02-03 Thread Rémy Maucherat
On Wed, Feb 3, 2021 at 1:03 PM Mark Thomas wrote: > Hi all, > > We have an open PR related to this for HTTP/2 (#277) and I am seeing > related issues at $work with HTTP. > > In short, applications are doing things like: > > response.setHeader("Transfer-Encoding", "chunked"); > > which, as you'd