httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51725] Multiple Range: request accepted as "Range: n-m"
Date Mon, 05 Sep 2011 02:26:09 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51725

--- Comment #2 from kabe <kabe@sra-tohoku.co.jp> 2011-09-05 02:26:09 UTC ---

The RFC 2616, S4.2 says
>   Multiple message-header fields with the same field-name MAY be
>   present in a message if and only if the entire field-value for that
>   header field is defined as a comma-separated list [i.e., #(values)].

>   It MUST be possible to combine the multiple header fields into one
>   "field-name: field-value" pair, without changing the semantics of the
>   message, by appending each subsequent field-value to the first, each
>   separated by a comma.

Since Range: field-value is defined as
    "bytes=" 1#( byte-range-spec | suffix-byte-range-spec )

this isn't splittable into multiple lines.

There should have been some discussion about this unsplittableness
during HTTP/1.1 standard. Recall anyone?


I don't think it's feasible to reject "Range: 2-3" line in the 
current Apache either, which involves syntax parsing 
BEFORE the header aggregation.

If nobody comes up with any serious issues (security?), this PR
could be closed(wontfix) and left for information purpose.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message