Hello:
A question, perhaps a bug...
I inherited a large application that has Apache in front, tomcat in back via
AJP1.3. I am moving everything to
"new" verisons. A new RedHat OS, newest tomcat RPM (7.0.69), etc.
I ran into a snag and finally identified the culprit. The tomcat on the
backend went from 1.0.14 to 1.0.69.
As I understand HTTP/HTML, a FORM is POSTed with two packets, the second one is
"DATA" - at least that
is what I see from tcpdump, etc. Note - this is only via the AJP1.3 port 8009.
Access via port 8080 works fine.
The bottom line is that a FORM, submitted using POST via AJP, with NO "DATA"
packet, does NOT process as a form
submission, but instead returns a 400 HTTP error. This is the code that is
working now on 1.0.14, but will not
work on 1.0.69.
After a lot of experimentation, I determined that if I added ANYTHING that
produced a "DATA" packet, then
it would work correctly. First example:
<form action="/abcd/JavaClassToCall" method="post">
<input type="submit" value="Do the Java Thing" style="font-size: 9pt;">
</form>
This fails with 400 error.
Simply "naming" the submit button causes a "data" packet to be sent:
<input type="submit" name="submitbutton" value="Do the Java Thing"
style="font-size: 9pt;">
Causes success - and it makes a "DATA" packet to be sent with the value of the
button variable:
submitbutton="Do the Java Thing"
Second case is a completely blank form without even a submit button, called by
a javascript routine.
Same results. If I add any variable, say a hidden variable of "blah" with a
value, it then works.
SO, question ... between tomcat 1.0.14 and 1.0.69, what changed such that the
behavior of the "POST"
data processing changed? Is the current behavior correct and the old was
wrong, or vice versa?
Short of touching some untold number of forms in this large application, is
there any way to force
correct behavior, preferably via tomcat configs or something?
Thanks!
Derric
The information contained in this message is proprietary and/or confidential.
If you are not the intended recipient, please: (i) delete the message and all
copies; (ii) do not disclose, distribute or use the message in any manner; and
(iii) notify the sender immediately. In addition, please be aware that any
message addressed to our domain is subject to archiving and review by persons
other than the intended recipient. Thank you.
