https://issues.apache.org/bugzilla/show_bug.cgi?id=52954
--- Comment #1 from Mark Thomas <ma...@apache.org> 2012-03-31 17:47:30 UTC --- (In reply to comment #0) The spec do indicate that servers should be tolerant where they can but this is a security feature so we need to be careful. 1. I'd be happy relaxing the limit on the length of the nonce count to between 6 an 8 inclusive. 2. Regarding the request-uri, my reading of the specs is that it should match what is in the request line so if android is using an absolute uri in the request line then we should certainly accept it. If it isn't then as long as the host header matches then it is equivalent so at the moment I don't see any reason not to allow it. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org