[SERVLET_SPEC-26] Valid response header names and values Created: 07/Oct/11  Updated: 25/Sep/15

Status: Open
Project: servlet-spec
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major
Reporter: markt_asf Assignee: Shing Wai Chan
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified



Currently no validation is required when setting a response HTTP header or value. Should the specification require that invalid values are rejected? Should the specification provide a mechanism for escaping header names and values? What about values that cannot be escaped such as UTF-8 values?

Comment by Shing Wai Chan [ 22/Feb/13 ]

Adding it to the bucket of FUTURE_RELEASE

Comment by markt_asf [ 24/Sep/15 ]

My own view is that invalid headers names and/or values should be rejected with an IllegalArgumentException.

Comment by gregwilkins [ 25/Sep/15 ]

I'm fine with ISE being thrown, but I think the spec cannot define what is or is not a valid header name. That will be determined by the underlying transport and level of RFC implementation. So I think these methods MAY throw rather than MUST throw.

Comment by Shing Wai Chan [ 25/Sep/15 ]

I agree that Servlet spec cannot define what valid header names are as they defined by RFCs, etc. And there may be new RFCs in the future. So, the method may throw IllegalArgumentException seems to be better.

Generated at Wed Aug 31 08:50:14 UTC 2016 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.