Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [servlet-dev] TCK updates

Hi all,

The TCK team is requesting a review from the Servlet committers:

Regarding the points below, given the lack of feedback, the current state is:
1. Not tested
2. Not tested
3. Not tested


On 03/12/2021 10:43, Mark Thomas wrote:
Hi all,

The TCK PR [1] is making progress. I have removed all the exclusions and fixed (or in a few cases removed) the tests that were failing as a result of the changes we have made.

I am now working on adding new tests with the aim of providing reasonable coverage of all the new / changed features. Some of these are raising questions that I'd appreciate some community feedback on. This isn't an exhaustive list. I expect I'll have a few more questions as I work my way through the features.

1. Issue 18. Do we want to add tests for the suspicious URIs? I'm not sure the current spec language supports expecting all of these to be rejected by default. We might want to add a "by default" or similar into the spec text.

2. Issue 272. I can't think of a good way to test removal of the recommendation. We could check the X-Powered-By header isn't present but the spec doesn't say this must not be sent so I think this is untestable.

3. Issue 407. Request identifiers can be tested (to some degree) fairly simply but connection identifiers quickly gets complicated as you have to make assumptions about what the container will see as separate connections. It isn't unreasonable for some products to include a reverse proxy at which point connection behaviour will depend on a whole bunch of stuff the TCK as no knowledge of. I'm leaning towards just testing request identifiers.



servlet-dev mailing list
To unsubscribe from this list, visit

Back to the top