httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 61220] single character headers are rejected with code 400 in unsafe mode
Date Tue, 27 Jun 2017 22:13:34 GMT

--- Comment #7 from William A. Rowe Jr. <> ---
(In reply to William A. Rowe Jr. from comment #6)
> > things like "   : 0" return 200
> As the first line, yes, in subsequent lines it is a continuation of the
> previous header line.

Retesting, I was wrong. The first line " x-y: test" or simply " :" the leading
space results in a 400 response, in both strict and unsafe modes, as expected,
since the 2.2.32 / 2.4.25 releases.

What you thought in subsequent lines was a header line was not; it was a
continuation of the previous header line (they are merged, you will see that
colon appended to the header field named in the previous line.)

results in a Host header value "localhost :test"

That's called an obs-fold and is permitted by design.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message