[SERVLET_SPEC-26] Valid response header names and values Created: 07/Oct/11 Updated: 25/Sep/15
|Reporter:||markt_asf||Assignee:||Shing Wai Chan|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
Currently no validation is required when setting a response HTTP header or value. Should the specification require that invalid values are rejected? Should the specification provide a mechanism for escaping header names and values? What about values that cannot be escaped such as UTF-8 values?
|Comment by Shing Wai Chan [ 22/Feb/13 ]|
Adding it to the bucket of FUTURE_RELEASE
|Comment by markt_asf [ 24/Sep/15 ]|
My own view is that invalid headers names and/or values should be rejected with an IllegalArgumentException.
|Comment by gregwilkins [ 25/Sep/15 ]|
I'm fine with ISE being thrown, but I think the spec cannot define what is or is not a valid header name. That will be determined by the underlying transport and level of RFC implementation. So I think these methods MAY throw rather than MUST throw.
|Comment by Shing Wai Chan [ 25/Sep/15 ]|
I agree that Servlet spec cannot define what valid header names are as they defined by RFCs, etc. And there may be new RFCs in the future. So, the method may throw IllegalArgumentException seems to be better.