Hi folks,
while investigating another possible patch for the RewriteValve, I have
noticed that Tomcat 8.5 does not validate the set status code,
everything ist possible, e.g., -99 or 1000. Scanning the code I haven't
found any validation or such upto
org.apache.coyote.http11.Http11OutputBuffer.sendStatus().
RFC 7230, section 3.1.2 defines the EBNF the status-code is defined as
3DIGIT.
My question: is that an implementation error?
Not having checked Apache 2.4 yet, I know that mod_rewrite.c will return
an error if the status code is not between 100 and 900 [1].
Michael
[1]
https://github.com/apache/httpd/blob/fbc5e20ead005fd3a2bec05924f9e90dfd195406/modules/mappers/mod_rewrite.c#L3682-L3694
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
