New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

multi-line (folded) HTTP header wrongly parsed #53

Closed
moriyoshi opened this Issue Feb 18, 2014 · 7 comments

Comments

Projects
None yet
3 participants
@moriyoshi

moriyoshi commented Feb 18, 2014

According to RFC2616 2.2., the parsed value of a folded header is supposed to have continuations intact or replaced with a single SP though waitress strips them all (see this).

This behaviour keep developers from dealing with folded headers that are rendered with meaningful occurrences of continuations.

HTTP/1.1 header field values can be folded onto multiple lines if the
continuation line begins with a space or horizontal tab. All linear
white space, including folding, has the same semantics as SP. A
recipient MAY replace any linear white space with a single SP before
interpreting the field value or forwarding the message downstream.

  LWS            = [CRLF] 1*( SP | HT )
@moriyoshi

This comment has been minimized.

Show comment
Hide comment
@moriyoshi

moriyoshi Jun 16, 2014

Any comments on this?

moriyoshi commented Jun 16, 2014

Any comments on this?

@mcdonc

This comment has been minimized.

Show comment
Hide comment
@mcdonc

mcdonc Jun 16, 2014

Member

A pull request would help push this through more quickly if there's an issue.

Member

mcdonc commented Jun 16, 2014

A pull request would help push this through more quickly if there's an issue.

@moriyoshi

This comment has been minimized.

Show comment
Hide comment
@moriyoshi

moriyoshi Jul 30, 2014

There's definitely an issue. I'm wondering why you saw this as bogus...

moriyoshi commented Jul 30, 2014

There's definitely an issue. I'm wondering why you saw this as bogus...

@mcdonc

This comment has been minimized.

Show comment
Hide comment
@mcdonc

mcdonc Jul 30, 2014

Member

I didn't say anything about it being bogus. I said a pull request would help it along more quickly if there's an issue. That's still true.

Member

mcdonc commented Jul 30, 2014

I didn't say anything about it being bogus. I said a pull request would help it along more quickly if there's an issue. That's still true.

@moriyoshi

This comment has been minimized.

Show comment
Hide comment
@moriyoshi

moriyoshi Jul 30, 2014

Okay, there are actually several ways to fix this. First one is to replace every folding by a single SP character. Second one is to keep foldings in the parsing results as they have been brought in. That's why I initially thought it would need a discussion before making a patch for that.

moriyoshi commented Jul 30, 2014

Okay, there are actually several ways to fix this. First one is to replace every folding by a single SP character. Second one is to keep foldings in the parsing results as they have been brought in. That's why I initially thought it would need a discussion before making a patch for that.

@moriyoshi

This comment has been minimized.

Show comment
Hide comment
@moriyoshi

moriyoshi Jul 30, 2014

As a sidenote, I hit this bug in the real-world setup of applications and it wasn't my intention to try to do some nitpicking around a dark corner of the HTTP spec.

moriyoshi commented Jul 30, 2014

As a sidenote, I hit this bug in the real-world setup of applications and it wasn't my intention to try to do some nitpicking around a dark corner of the HTTP spec.

@mcdonc

This comment has been minimized.

Show comment
Hide comment
@mcdonc

mcdonc Jul 30, 2014

Member

I guess we could try to replace foldings with a space.

Member

mcdonc commented Jul 30, 2014

I guess we could try to replace foldings with a space.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment