users@servlet-spec.java.net

[servlet-spec users] [jsr369-experts] Re: Removing headers from the response

From: Mark Thomas <markt_at_apache.org>
Date: Tue, 23 Dec 2014 09:31:13 +0000

On 23/12/2014 06:29, Eugene Chung(정의근) wrote:
>
> On Tue, Dec 23, 2014 at 8:29 AM, Stuart Douglas <sdouglas_at_redhat.com
> <mailto:sdouglas_at_redhat.com>> wrote:
>
> At the moment there does not seem to be a way to remove a header
> from the response. It might be expected that calling
> HttpServletResponse.setHeader("name", null) will accomplish this,
> however it does not seem to be explicitly specified in the spec or
> the javadoc.
>
> What does everyone think about adding some clarification to the
> javadoc that explicitly states that if setHeader is called with a
> null value then the header will be cleared?
>
> Stuart
>
>
> Is this behaviour normal in other WASes?
> Our implementation ignores 'null' value.

So does Tomcat.

What is the use case for this? If an application doesn't want a header
to be present, it shouldn't add it in the first place.

There are also some added complications:
- The container may well add headers after the request has left the
servlet and filter chain (e.g. content-length). If the app requests that
this header is removed before the container adds it, is the container
meant to honour that request?
- Removing some headers will result in a response that is not valid
HTTP/1.1. Should the container allow this?

I'm leaning towards stating that null values and null/zero length names
will be ignored. I'd be prepared to change my position to allowing
header removal if:
a) a valid use case was presented
b) it is carefully specified w.r.t. the issues above and any others we
can think of.

Mark