----- Original Message -----
> From: "Mark Thomas" <markt_at_apache.org>
> To: jsr369-experts_at_servlet-spec.java.net
> Sent: Tuesday, 23 December, 2014 8:31:13 PM
> Subject: [jsr369-experts] Re: [servlet-spec users] Removing headers from the response
>
> On 23/12/2014 06:29, Eugene Chung(정의근) wrote:
> >
> > On Tue, Dec 23, 2014 at 8:29 AM, Stuart Douglas <sdouglas_at_redhat.com
> > <mailto:sdouglas_at_redhat.com>> wrote:
> >
> > At the moment there does not seem to be a way to remove a header
> > from the response. It might be expected that calling
> > HttpServletResponse.setHeader("name", null) will accomplish this,
> > however it does not seem to be explicitly specified in the spec or
> > the javadoc.
> >
> > What does everyone think about adding some clarification to the
> > javadoc that explicitly states that if setHeader is called with a
> > null value then the header will be cleared?
> >
> > Stuart
> >
> >
> > Is this behaviour normal in other WASes?
> > Our implementation ignores 'null' value.
>
> So does Tomcat.
>
> What is the use case for this? If an application doesn't want a header
> to be present, it shouldn't add it in the first place.
The use case that I came across this was a user filter that did gzip compression. Our default servlet sets a content length, and then the filter changes the content length. It is possible for the filter to also wrap the response to ignore the content length, but either way a set header call with a null value is currently undefined behaviour. I think it would be cleaner to specify what should happen in this case, it should either remove the header or throw an IllegalArgumentException.
In Undertow setHeader with null will wipe the header, addHeader will do nothing, and containsHeader will return true if setHeader(null) had been called.
Stuart
>
> There are also some added complications:
> - The container may well add headers after the request has left the
> servlet and filter chain (e.g. content-length). If the app requests that
> this header is removed before the container adds it, is the container
> meant to honour that request?
> - Removing some headers will result in a response that is not valid
> HTTP/1.1. Should the container allow this?
>
> I'm leaning towards stating that null values and null/zero length names
> will be ignored. I'd be prepared to change my position to allowing
> header removal if:
> a) a valid use case was presented
> b) it is carefully specified w.r.t. the issues above and any others we
> can think of.
>
> Mark
>