httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: Header with trailing space in field name passed to CGI script
Date Tue, 14 Apr 2015 06:41:23 GMT
On Tue, 2015-04-14 at 10:09 +0400, George Chelidze wrote:
> Hello,
> According to the rfc822#section-3.2, SPACE character is not allowed in 
> the header field name.

"Be liberal in what you accept".

Stripping whitespace between a field name and a colon looks
to me like a reasonable thing to do.  Unless you're suggesting
it could somehow become a security issue?

> Is there any reason to not ignore a header with the trailing space in 
> the field name and pass it to the CGI environment?

Surely rather than ignore it, you'd want to return 400
if you don't accept current behaviour?

Nick Kew

View raw message