httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kris Verbeeck <>
Subject [PATCH] PR 16520 -- cache MUST NOT cache responses to Authorization requests
Date Mon, 09 Jun 2003 14:45:04 GMT
Actually this PR is not a mod_cache bug.  According to RFC 2616,
LWS might be present at the end of an HTTP header.

Quote from RFC 2616:
    implied *LWS
       The grammar described by this specification is word-based. Except
       where noted otherwise, linear white space (LWS) can be included
       between any two adjacent words (token or quoted-string), and
       between adjacent words and separators, without changing the
       interpretation of a field. At least one delimiter (LWS and/or
       separators) MUST exist between any two tokens (for the definition
       of "token" below), since they would otherwise be interpreted as a
       single token.

So, as PR 16520 states:

    Authorization  : scheme scheme param=value

is a valid header and should be treated as

    Authorization: scheme scheme param=value

Currently Apache does not strip any trailing LWS from the header name. 
The attached patch resolves this problem.


View raw message