httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: Could/Shouldn't check_header() allow folding?
Date Wed, 04 Jan 2017 13:43:48 GMT
On Wed, Jan 4, 2017 at 7:21 AM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
> On Wed, Jan 4, 2017 at 6:57 AM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
>> I'm using a (third-party/closed) module which replaces newlines in
>> header values (like base64 encoded PEMs) with obs-fold.
>
> If we accept obs-fold from CGI, or internally within the
> headers_out, we must
> replace them with a single SP and conform to the spec on the wire.

What about either an optional filter, or simply plug in a module that
only implements a fixup hook, which can be configured on potentially
offending requests to scan and correct the headers_out members?

Such a module could also do something to work around other CTLs,
and invalid header token names, to avoid 500 error conditions and
attempt to still forward some response.

Mime
View raw message