On 17 May 2011 22:17, Konstantin Kolinko <knst.koli...@gmail.com> wrote:
> 2011/5/18 sebb <seb...@gmail.com>:
>> As far as I can tell, Tomcat validates the format of the Host header,
>> but otherwise ignores the port?
>> Is that correct?
>
> No.
> See e.g. Http11Processor.parseHost(MessageBytes) in trunk. The last
> line there is
> [[[
> request.setServerPort(port);
> ]]]
> where port number is parsed from the header.

I see, so whatever code uses the request can use the port if it wants to. But AFAICT Tomcat does not validate that the port matches the original request - I tried sending it a nonsense port and the request worked.
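
The thread above notes that the port Tomcat stores via request.setServerPort(port) comes from the Host header and is not checked against the connection. As an added example (not code from Tomcat or from either poster), a servlet filter can compare that value with the port the connection actually arrived on before application code relies on getServerPort(). The class name HostPortFilter and the EXTRA_ALLOWED_PORTS values are assumptions, and the javax.servlet namespace assumes a pre-Jakarta container.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter (not part of Tomcat): rejects requests whose Host port is unexpected. */
public class HostPortFilter implements Filter {

    // Assumption: additional ports clients legitimately put in the Host header,
    // e.g. the public port of a reverse proxy in front of Tomcat. Constructed value.
    private static final Set<Integer> EXTRA_ALLOWED_PORTS = Set.of(443);

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Client-supplied: derived from the Host header when one is sent.
        int claimed = req.getServerPort();
        // Server-side fact: port of the socket that accepted the connection.
        int actual = req.getLocalPort();

        if (claimed != actual && !EXTRA_ALLOWED_PORTS.contains(claimed)) {
            // Refuse rather than let later code build URLs or make
            // decisions from a port the client made up.
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_BAD_REQUEST,
                    "Host header port does not match a known listener");
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

A Host header without a port makes the container fall back to the scheme default, so a connector on a non-default port needs that default listed in EXTRA_ALLOWED_PORTS if such requests should pass.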