Based on the discussion here: http://mail-archives.apache.org/mod_mbox/tomcat-dev/201910.mbox/%3C451a4348-3ba7-5af1-b24a-ba6ed52e424f%40apache.org%3E Request header values are tested with contains() or indexOf(), findBytes(), etc. But if the searched value is "gzip" (needle) only, and the search value is "figzip" (haystack) the comparison shall fail, but succeeds due the to substring match. This needs to be tightened to match exactly (case-insenstive if header spec allows).
Fixed in: - master for 9.0.28 onwards - 8.5.x for 8.5.48 onwards - 7.0.x for 7.0.98 onwards
I am afraid I need to reopen this one because of this missed spot: https://github.com/apache/tomcat/blob/master/java/org/apache/coyote/http11/Http11Processor.java#L599-L608
Thanks for catching that. I've refactored the code a little and expanded it to cover the request header case. Performance testing indicates neutral to marginally positive effect.
(In reply to Mark Thomas from comment #3) > Thanks for catching that. I've refactored the code a little and expanded it > to cover the request header case. > > Performance testing indicates neutral to marginally positive effect. Brilliant, only compression config left.