On 17 May 2011 22:17, Konstantin Kolinko <[email protected]> wrote: > 2011/5/18 sebb <[email protected]>: >> As far as I can tell, Tomcat validates the format of the Host header, >> but otherwise ignores the port? >> Is that correct? > > No. > See e.g. Http11Processor.parseHost(MessageBytes) in trunk. The last > line there is > [[[ > request.setServerPort(port); > ]]] > where port number in parsed from the header.
I see, so whatever code uses the request can use the port if it wants to. But AFAICT Tomcat does not validate that the port matches the original request - I tried sending it a nonsense port and the request worked. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
