httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: multiple host headers
Date Mon, 13 Sep 2004 22:37:57 GMT
* "Roy T. Fielding" <fielding@gbiv.com> wrote:

> > Why do we merge multiple Host headers?  I am getting wierd things like
> > this for headers_in host: "www.cnn.com, www.cnn.com"
> >
> > This may be correct, but it caught me by surprise!
> 
> Well, it is an invalid HTTP request.  The question is, should be
> "fix" it for the client by choosing either the first or last field
> (potentially masking a security hole), or simply respond with 400?

I think, 400 is the appropriate response (as I read the RFC).

nd
-- 
die (eval q-qq[Just Another Perl Hacker
]
;-)
# André Malo, <http://pub.perlig.de/> #

Mime
View raw message