https://bz.apache.org/bugzilla/show_bug.cgi?id=69876
Bug ID: 69876
Summary: Breaking Change in Tomcat 11.0.12+ – HTTP Header
Product: Tomcat 11
Version: 11.0.13
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Servlet
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: -------
After upgrading Tomcat from 11.0.10 to 11.0.13, we observed that header name
lookup became case-sensitive for custom headers when using the Servlet API
methods.
In previous versions (up to 11.0.11), Tomcat correctly treated header names as
case-insensitive, consistent with the HTTP specification.
Starting from 11.0.12, the same code fails to retrieve headers if the case of
the header name differs between addHeader() and getHeader().
Add a custom header and then attempt to retrieve it with a different case:
response.addHeader("ABC_XYZ", "true");
String val = request.getHeader("abc_xyz");
Run the application on Tomcat 11.0.10
It works fine, but not after the update to 11.0.13
This behaviour appeared from 11.0.12
We found the changes
https://github.com/apache/tomcat/commit/09e30aeb68edfd3ae79bfc5e8ba3211d884aeb4c#diff-1115e493b03a0e9c02f350ca5835b67463e4a2b652c33c400027868c7e35d7c7
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
