On 27/09/2020 00:07, Pawel Veselov wrote:
> Hello!
>
> Tomcat 9.0.x
>
> I'd like to force connection closure on some endpoints.

Why? Generally, this is something that should not be an application concern.

> I'm trying this on a simple JSP page.
> If I call response.setHeader("Connection","close"), I see that the
> response has "Connection: close, keep-alive".
> I assume Tomcat inserts the keep-alive part. It looks like the browsers
> still close the connection based on this, but I was wondering if it's
> possible to have Tomcat honor the header value set by the application.

The most recent discussion on this topic was whether or not Tomcat should block any attempt by an application to manipulate the Connection header. The consensus was leaning towards implementing a block but no-one has implemented it yet. See https://github.com/apache/tomcat/pull/277

I did wonder if this was a regression introduced by some clean-up in the handling of the Connection header a little while ago but it appears not.

Note that Tomcat will only add this header for HTTP/1.0 requests. Separately, you may also see a "Keep-Alive" header for HTTP/1.1 requests.

I'm leaning towards a small fix that would prevent the keep-alive header being added in this case.

> I was also wondering what does it mean - when multiple connection tokens
> are specified for a connection header. Breezing through the RFCs I can't
> find a clear statement on that except that multiple connection tokens are
> allowed in the header...

As per RFC 7230, section 6.3 if the close option is present it takes priority.

Mark
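
The following is an added example, not part of the original message and not Tomcat code: a sketch of the RFC 7230 section 6.3 persistence decision, showing why a recipient treats the `Connection: close, keep-alive` value from this thread as a close. The class name, method names and the `honorHttp10KeepAlive` flag are assumptions made for illustration, and only HTTP/1.0 and HTTP/1.1 are modelled.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;

public class ConnectionPersistence {

    // Split one or more Connection header values into lower-cased tokens.
    // Connection options are comma-separated and case-insensitive, and the
    // header may appear more than once in a message.
    static List<String> tokens(String... headerValues) {
        return Arrays.stream(headerValues)
                .flatMap(v -> Arrays.stream(v.split(",")))
                .map(t -> t.trim().toLowerCase(Locale.ROOT))
                .filter(t -> !t.isEmpty())
                .collect(Collectors.toList());
    }

    // Decision order from RFC 7230 section 6.3, as seen by the recipient.
    // honorHttp10KeepAlive (hypothetical flag) stands for "the recipient is
    // not a proxy and wishes to honor the HTTP/1.0 keep-alive mechanism".
    static boolean persists(String protocol, boolean honorHttp10KeepAlive,
                            String... connectionValues) {
        List<String> options = tokens(connectionValues);
        if (options.contains("close")) {
            return false; // "close" is checked first, so it overrides keep-alive
        }
        if ("HTTP/1.1".equals(protocol)) {
            return true;  // persistent by default when no close option is sent
        }
        // HTTP/1.0 persists only on an explicit, honored keep-alive option.
        return "HTTP/1.0".equals(protocol)
                && options.contains("keep-alive")
                && honorHttp10KeepAlive;
    }

    public static void main(String[] args) {
        // Constructed inputs; the first is the header value quoted in the thread.
        String[][] cases = {
            {"HTTP/1.0", "close, keep-alive"},
            {"HTTP/1.1", "Keep-Alive, CLOSE"},
            {"HTTP/1.0", "keep-alive"},
            {"HTTP/1.1", ""},
            {"HTTP/1.0", ""},
        };
        for (String[] c : cases) {
            System.out.printf("%s  Connection: %-18s persists=%b%n",
                    c[0], c[1], persists(c[0], true, c[1]));
        }
    }
}
```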