Hello: A question, perhaps a bug...
I inherited a large application that has Apache in front, tomcat in back via AJP1.3. I am moving everything to "new" verisons. A new RedHat OS, newest tomcat RPM (7.0.69), etc. I ran into a snag and finally identified the culprit. The tomcat on the backend went from 1.0.14 to 1.0.69. As I understand HTTP/HTML, a FORM is POSTed with two packets, the second one is "DATA" - at least that is what I see from tcpdump, etc. Note - this is only via the AJP1.3 port 8009. Access via port 8080 works fine. The bottom line is that a FORM, submitted using POST via AJP, with NO "DATA" packet, does NOT process as a form submission, but instead returns a 400 HTTP error. This is the code that is working now on 1.0.14, but will not work on 1.0.69. After a lot of experimentation, I determined that if I added ANYTHING that produced a "DATA" packet, then it would work correctly. First example: <form action="/abcd/JavaClassToCall" method="post"> <input type="submit" value="Do the Java Thing" style="font-size: 9pt;"> </form> This fails with 400 error. Simply "naming" the submit button causes a "data" packet to be sent: <input type="submit" name="submitbutton" value="Do the Java Thing" style="font-size: 9pt;"> Causes success - and it makes a "DATA" packet to be sent with the value of the button variable: submitbutton="Do the Java Thing" Second case is a completely blank form without even a submit button, called by a javascript routine. Same results. If I add any variable, say a hidden variable of "blah" with a value, it then works. SO, question ... between tomcat 1.0.14 and 1.0.69, what changed such that the behavior of the "POST" data processing changed? Is the current behavior correct and the old was wrong, or vice versa? Short of touching some untold number of forms in this large application, is there any way to force correct behavior, preferably via tomcat configs or something? Thanks! Derric The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.