Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make HTTP/0.9 opt-in #2873

Closed
bagder opened this issue Aug 13, 2018 · 4 comments

Comments

@bagder
Copy link
Member

commented Aug 13, 2018

I did this

Use curl to get data from a server that isn't responding with a proper HTTP/1 or HTTP/2 response.

curl will gladly hand over the received data as HTTP body. This is because it supports "HTTP/0.9", which is how HTTP used to work before 1.0 (1996): that's just body bytes that ends with a closed connection.

I expected the following

It should report an error if the response is not HTTP protocol compliant. I suspect this "liberal in what you accept" and treating everything as HTTP/0.9 might be surprising to users and I'm also afraid it could cause some unexpected behaviors.

HTTP/0.9 support should therefor be done opt-in. mentioned on the mailing list in July 2018 - no objections there.

curl/libcurl version

curl 7.61.1 still has it supported by default.

operating system

All

Releated

HTTP/0.9 detection was improved in #2872 after which fixing this issue should be pretty easy.

@bagder bagder added the HTTP label Aug 13, 2018

@jay

This comment has been minimized.

Copy link
Member

commented Aug 13, 2018

Ref: #2420

@danielgustafsson are you working on --http0.9

@danielgustafsson

This comment has been minimized.

Copy link
Member

commented Aug 13, 2018

@bagder bagder self-assigned this Dec 17, 2018

@bagder

This comment has been minimized.

Copy link
Member Author

commented Dec 17, 2018

FYI: I'm grabbing this!

bagder added a commit that referenced this issue Dec 17, 2018
http: require HTTP/0.9 to be explicitly allowed to get accepted
CURLOPT_HTTP09 and --http0.9 are added for this purpose.

Fixes #2873
@danielgustafsson

This comment has been minimized.

Copy link
Member

commented Dec 17, 2018

bagder added a commit that referenced this issue Dec 19, 2018
http: require HTTP/0.9 to be explicitly allowed to get accepted
CURLOPT_HTTP09 and --http0.9 are added for this purpose.

Fixes #2873
bagder added a commit that referenced this issue Dec 19, 2018
http: added options for allowing HTTP/0.9 responses
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
bagder added a commit that referenced this issue Dec 20, 2018
http: added options for allowing HTTP/0.9 responses
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873

@bagder bagder closed this in 006ff62 Dec 21, 2018

@lock lock bot locked as resolved and limited conversation to collaborators Mar 21, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
3 participants
You can’t perform that action at this time.