Tomcat在 7.0.73, 8.0.39, 8.5.7 等版本后(详情:https://stackoverflow.com/questions/41053653/tomcat-8-is-not-able-to-handle-get-request-with-in-query-parameters/44005213#44005213),添加了对于http头的验证,就是添加了些规则去限制HTTP头的规范性(详情:http://www.jianshu.com/p/1c870461fa41)
1234 | if (IS_CONTROL[i] || i > 127 || i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' || i == '^' || i == '`' || i == '{' || i == '|' || i == '}') { IS_NOT_REQUEST_TARGET[i] = true; // reject the character! |
---|