On 30/05/18 10:00, Sven Buesing wrote: > Hello everyone, > Hello Mark, > > @markt: as this change is from you, I've added you in cc. Please let me know > if you're fine with this.
No, I am not. Please do not send direct mail to Tomcat committers. If you have a Tomcat related question, it belongs on the mailing list. > Since Tomcat 7.0.87 Coyote has added a validation check for Host-Headers. > The validation seems to expect that a host header is always a FQDN. > But in common DNS setups, search domains are used, which are automatically > appended to a DNS request. > > The search domain on the other hand is not appended to the host header of the > request. For example, a host header might therefore look like this: "Host: > subdomain.host-header". > The"-" causes the request to be recognized as incorrect and discarded. > As a result, since the update to Tomcat >8.0.86, certain requests are > answered with 400 bad requests. > > This could be a problem in certain setups. Maybe you could change the > validation behaviour to also accept common domain names without requireing > FQDNs. https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
