multi-line (folded) HTTP header wrongly parsed

[moriyoshi]

According to RFC2616 2.2., the parsed value of a folded header is supposed to have continuations intact or replaced with a single SP though waitress strips them all (see this).

This behaviour keep developers from dealing with folded headers that are rendered with meaningful occurrences of continuations.

HTTP/1.1 header field values can be folded onto multiple lines if the
continuation line begins with a space or horizontal tab. All linear
white space, including folding, has the same semantics as SP. A
recipient MAY replace any linear white space with a single SP before
interpreting the field value or forwarding the message downstream.

  LWS            = [CRLF] 1*( SP | HT )

[moriyoshi]

Any comments on this?

[mcdonc]

A pull request would help push this through more quickly if there's an issue.

[moriyoshi]

There's definitely an issue. I'm wondering why you saw this as bogus...

[mcdonc]

I didn't say anything about it being bogus. I said a pull request would help it along more quickly if there's an issue. That's still true.

[moriyoshi]

Okay, there are actually several ways to fix this. First one is to replace every folding by a single SP character. Second one is to keep foldings in the parsing results as they have been brought in. That's why I initially thought it would need a discussion before making a patch for that.

[moriyoshi]

As a sidenote, I hit this bug in the real-world setup of applications and it wasn't my intention to try to do some nitpicking around a dark corner of the HTTP spec.

[mcdonc]

I guess we could try to replace foldings with a space.