httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: Header with trailing space in field name passed to CGI script
Date Tue, 14 Apr 2015 06:41:23 GMT
On Tue, 2015-04-14 at 10:09 +0400, George Chelidze wrote:
> Hello,
> 
> According to the rfc822#section-3.2, SPACE character is not allowed in 
> the header field name.

"Be liberal in what you accept".

Stripping whitespace between a field name and a colon looks
to me like a reasonable thing to do.  Unless you're suggesting
it could somehow become a security issue?

> Is there any reason to not ignore a header with the trailing space in 
> the field name and pass it to the CGI environment?

Surely rather than ignore it, you'd want to return 400
if you don't accept current behaviour?

-- 
Nick Kew


Mime
View raw message