Christopher Schultz wrote: > I'm wondering what the wider community thinks about this change and > whether or not we should consider reverting it for Tomcat 8.5.x.
Mark Thomas wrote: > The root cause is non-specification compliant clients. I generally don't > view specification non-compliance in third party code a good reason to > make a change in Tomcat. > > Overall I am -0 on reverting the change for 8.5.x. I'm not a big Tomcat contributor, but I do work on various things, and have spent a long time working on web browsers and web standards. I'd be a -0 at best. A /moderately/ quick search found a server that would return a 200 with text other than "OK" In addition to the "200 Tunnel established" that I found and linked to, boa would occasionally spit out "HTTP/1.0 200 OK-GUNZIP" which may or may not have been compatible with quirky clients that expect "200 OK". Note that a well behaved client (e.g. a browser) tolerated 200 WHATEVER at the beginning of time. I can't easily go to before Gecko moved to HG, but by then, it was certainly tolerant. And I'm fairly confident it was by the time it was open sourced... I vaguely recall writing web servers which had other messages, and I think I even saw servers that did (~15 years ago). HTTP/2 apparently doesn't include a status message (which is presumably why Tomcat is dropping it in the first place). Clients in the real world have to update in order to interact with modern servers. If your client doesn't support SSL, it will soon be unable to access most resources. If it doesn't support TLS, likewise. If it only supports SHA1, it's in a similar boat. And of course, if your useragent doesn't periodically update its CA list, it will eventually not be able to connect to web servers. I recently forced the people in my office to update Java to get current certificates. By forcing bad clients to fix their stuff sooner, you're doing the world a favor. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
