What steps will reproduce the problem?
1. Write a Servlet that uses DefaultHTTPUtilities.getInstance().setHeader(...)
to set headers to the response
2. Attempt to write a header with a name longer than 20 characters, such as
"Strict-Transport-Security" or "Access-Control-Allow-Origin"
What is the expected output? What do you see instead?
These headers are standard and not unsafe, so I expect them to pass validation,
but they are blocked by what seems to be an arbitrary (and quite low) character
limit of 20 characters.
What version of the product are you using? On what operating system?
2.1.0 (loaded using maven as dependency of project) because it appears to be
the latest stable version as of 4/13/2014.
I am using Tomcat 7.0.41 on Linux, but in this case I think that's irrelevant.
Does this issue affect only a specified browser or set of browsers?
No.
Please provide any additional information below.
How can I modify this character limit without forking / modifying the source
code? It appears to be hard-coded. Could this at least be increased to a higher
default like 32 or 40?
Original issue reported on code.google.com by jac...@gmail.com on 13 Apr 2014 at 5:59
Original issue reported on code.google.com by
jac...@gmail.comon 13 Apr 2014 at 5:59