Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [servlet-dev] TCK updates


sorry I've not been tuned in for a few weeks.

I think it would be good to test 1.   The tests should be setup to expect either a reject or at least if the request is accepted the path methods return the expected results.

I'd offer to do it, but not really going to be able to work on it until after the 9th (ish depending on the wind)/


On Tue, 21 Dec 2021 at 01:19, Mark Thomas <markt@xxxxxxxxxx> wrote:
Hi all,

The TCK team is requesting a review from the Servlet committers:

Regarding the points below, given the lack of feedback, the current
state is:
1. Not tested
2. Not tested
3. Not tested


On 03/12/2021 10:43, Mark Thomas wrote:
> Hi all,
> The TCK PR [1] is making progress. I have removed all the exclusions and
> fixed (or in a few cases removed) the tests that were failing as a
> result of the changes we have made.
> I am now working on adding new tests with the aim of providing
> reasonable coverage of all the new / changed features. Some of these are
> raising questions that I'd appreciate some community feedback on. This
> isn't an exhaustive list. I expect I'll have a few more questions as I
> work my way through the features.
> 1. Issue 18. Do we want to add tests for the suspicious URIs? I'm not
> sure the current spec language supports expecting all of these to be
> rejected by default. We might want to add a "by default" or similar into
> the spec text.
> 2. Issue 272. I can't think of a good way to test removal of the
> recommendation. We could check the X-Powered-By header isn't present but
> the spec doesn't say this must not be sent so I think this is untestable.
> 3. Issue 407. Request identifiers can be tested (to some degree) fairly
> simply but connection identifiers quickly gets complicated as you have
> to make assumptions about what the container will see as separate
> connections. It isn't unreasonable for some products to include a
> reverse proxy at which point connection behaviour will depend on a whole
> bunch of stuff the TCK as no knowledge of. I'm leaning towards just
> testing request identifiers.
> Thoughts?
> Mark
> [1]
> _______________________________________________
> servlet-dev mailing list
> servlet-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit

servlet-dev mailing list
To unsubscribe from this list, visit


Back to the top