httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <>
Subject Re: Could/Shouldn't check_header() allow folding?
Date Wed, 04 Jan 2017 13:43:48 GMT
On Wed, Jan 4, 2017 at 7:21 AM, William A Rowe Jr <> wrote:
> On Wed, Jan 4, 2017 at 6:57 AM, Yann Ylavic <> wrote:
>> I'm using a (third-party/closed) module which replaces newlines in
>> header values (like base64 encoded PEMs) with obs-fold.
> If we accept obs-fold from CGI, or internally within the
> headers_out, we must
> replace them with a single SP and conform to the spec on the wire.

What about either an optional filter, or simply plug in a module that
only implements a fixup hook, which can be configured on potentially
offending requests to scan and correct the headers_out members?

Such a module could also do something to work around other CTLs,
and invalid header token names, to avoid 500 error conditions and
attempt to still forward some response.

View raw message