httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: [PATCH] PR 16520 -- cache MUST NOT cache responses to Authorization requests
Date Mon, 09 Jun 2003 15:23:39 GMT
* Kris Verbeeck wrote:

> Quote from RFC 2616:
>     implied *LWS
>        The grammar described by this specification is word-based. Except
>        where noted otherwise, linear white space (LWS) can be included
>        between any two adjacent words (token or quoted-string), and
>        between adjacent words and separators, without changing the
>        interpretation of a field.

Yes, but 4.2 states:

   HTTP header fields, [...] follow the same generic format as
   that given in Section 3.1 of RFC 822 [9]. Each header field consists
   of a name followed by a colon (":") and the field value. [...]

       message-header = field-name ":" [ field-value ]
       field-name     = token
       [...]

So, there's just one token and no place for an implied LWS. [ situation
differs from "between any two adjacent words (token or quoted-string)" ]

> So, as PR 16520 states:
> 
>     Authorization  : scheme scheme param=value
> 
> is a valid header and should be treated as
> 
>     Authorization: scheme scheme param=value

So these are not the same headers, by my reading of the RFC. In fact the
former is a Bad Request, since a token cannot contain WS.

nd
-- 
die (eval q-qq[Just Another Perl Hacker
]
;-)
# André Malo, <http://www.perlig.de/> #

Mime
View raw message