12 Jul 2023 14:28:40 Lasse Lindqvist <lasse.k.lindqv...@gmail.com>:

Hi. Every once in a while in automatic tests I see an error

Caused by: org.apache.http.ProtocolException: Invalid header: :
    at app//org.apache.http.impl.io.AbstractMessageParser.parseHeaders(AbstractMessageParser.java:230)     at app//org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:266)     at app//org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163)     at app//org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:157)     at app//org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273)     at app//org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)     at app//org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272)     at app//org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)     at app//org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)     at app//org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)     at app//org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)

Meaning that the header contents would be just ": ", suggesting that
it has an empty key and empty value.

The service being called is a Spring Boot 2.7 application that has a
simple Controller with no custom header definitions.
It does return a response with

and body of StreamingResponseBody though.

I am wondering if this is something that might be on the Tomcat side,
or Spring side. But even if on Spring side, should Tomcat perhaps
prevent  the creation of these empty headers, as at least
Apache HTTP client considers them invalid and will not choose to ignore them.

Tomcat lets applications do stupid things on the basis that sometimes they need to to work around issues with broken clients.

Over time there has been a shift towards rejecting non spec compliant input but it hasn't reached the general response headers yet.

If you can ID the root cause we may be able to provide more specific feedback.


This reproduces relatively rarely, and by rerunning tests it normally
disappears, so I have not been able to catch the root issue.

Maybe it is related to
https://github.com/spring-projects/spring-security/issues/9175 and
fully a Spring issue even though my error is not exactly the same as> those in the Github issue?

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to