This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 9397467038 HTTP method names are case sensitive (RFC 9110, 9.1)
9397467038 is described below
commit 93974670385df31fc3b7528278fd5e6fc0f0d95f
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Sep 10 17:04:48 2025 +0100
HTTP method names are case sensitive (RFC 9110, 9.1)
---
java/org/apache/catalina/authenticator/AuthenticatorBase.java | 2 +-
java/org/apache/catalina/authenticator/FormAuthenticator.java | 4 ++--
java/org/apache/catalina/ssi/SSIServletExternalResolver.java | 2 +-
test/org/apache/catalina/startup/TomcatBaseTest.java | 2 +-
webapps/docs/changelog.xml | 4 ++++
5 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 621e29589e..f30b457dae 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -485,7 +485,7 @@ public abstract class AuthenticatorBase extends ValveBase
implements Authenticat
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
- if (constraints != null && disableProxyCaching &&
!"POST".equalsIgnoreCase(request.getMethod())) {
+ if (constraints != null && disableProxyCaching &&
!"POST".equals(request.getMethod())) {
if (securePagesWithPragma) {
// Note: These can cause problems with downloading files with
IE
response.setHeader("Pragma", "No-cache");
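Review bot: Nothing in this commit exercises the behaviour change at the `disableProxyCaching` condition: the diffstat shows only a one-line edit under test/, which adjusts a helper rather than adding a case. A request whose method is `post` or `Post` used to be exempt from the cache-suppressing headers and now receives them like any other non-POST request. A test that sends a mixed-case method to a constrained resource and asserts the headers are present would guard against a revert to `equalsIgnoreCase`. A one-line comment above the condition, e.g. `// HTTP methods are case-sensitive (RFC 9110, 9.1): only an exact "POST" is exempt`, would record the intent. The same applies to the `cacheable` and `savedContentType` comparisons in FormAuthenticator; the enclosing method here starts and ends outside the hunk.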
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index bce0dfe1cb..f5f8bebf14 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -590,7 +590,7 @@ public class FormAuthenticator extends AuthenticatorBase {
String method = saved.getMethod();
MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
rmh.recycle();
- boolean cacheable = "GET".equalsIgnoreCase(method) ||
"HEAD".equalsIgnoreCase(method);
+ boolean cacheable = "GET".equals(method) || "HEAD".equals(method);
Iterator<String> names = saved.getHeaderNames();
while (names.hasNext()) {
String name = names.next();
@@ -624,7 +624,7 @@ public class FormAuthenticator extends AuthenticatorBase {
// If no content type specified, use default for POST
String savedContentType = saved.getContentType();
- if (savedContentType == null && "POST".equalsIgnoreCase(method)) {
+ if (savedContentType == null && "POST".equals(method)) {
savedContentType = Globals.CONTENT_TYPE_FORM_URL_ENCODING;
}
diff --git a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
index 7a1604f105..65bf65a99c 100644
--- a/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
+++ b/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
@@ -501,7 +501,7 @@ public class SSIServletExternalResolver implements
SSIExternalResolver {
* Make an assumption that an empty response is a failure. This is
a problem if a truly empty file were
* included, but not sure how else to tell.
*/
- if (retVal.isEmpty() && !req.getMethod().equalsIgnoreCase("HEAD"))
{
+ if (retVal.isEmpty() && !req.getMethod().equals("HEAD")) {
throw new
IOException(sm.getString("ssiServletExternalResolver.noFile", path));
}
return retVal;
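Review bot: The new comparison still calls `equals` on the return value of `req.getMethod()`, while every other comparison changed in this commit puts the literal first. Writing it as `if (retVal.isEmpty() && !"HEAD".equals(req.getMethod())) {` keeps the five call sites consistent and removes the dependency on `getMethod()` never returning null, which this hunk does not establish. The enclosing method starts and ends outside the hunk, so whether `req` can be a wrapped or synthetic request here cannot be confirmed from the visible lines.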
diff --git a/test/org/apache/catalina/startup/TomcatBaseTest.java
b/test/org/apache/catalina/startup/TomcatBaseTest.java
index 226a076312..3d1417e9ed 100644
--- a/test/org/apache/catalina/startup/TomcatBaseTest.java
+++ b/test/org/apache/catalina/startup/TomcatBaseTest.java
@@ -605,7 +605,7 @@ public abstract class TomcatBaseTest extends
LoggingBaseTest {
}
int bodySize = 0;
- if ("PUT".equalsIgnoreCase(request.getMethod())) {
+ if ("PUT".equals(request.getMethod())) {
InputStream is = request.getInputStream();
int read = 0;
byte[] buffer = new byte[8192];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 38736cde37..1bcb24f6f3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,10 @@
Correct a regression in the fix for <bug>69781</bug> that broke
<code>FileStore</code>. (markt)
</fix>
+ <fix>
+ HTTP methods are case-sensitive so always use case sensitive
comparisons
+ when comparing HTTP methods. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">