Skip to content

/ curl Public

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make HTTP/0.9 opt-in #2873

Closed
bagder opened this issue Aug 13, 2018 · 4 comments
Closed

Make HTTP/0.9 opt-in #2873

bagder opened this issue Aug 13, 2018 · 4 comments
Assignees
@bagder
Labels
HTTP

Comments

@bagder
Copy link
Member

@bagder bagder commented Aug 13, 2018
edited

I did this

Use curl to get data from a server that isn't responding with a proper HTTP/1 or HTTP/2 response.

curl will gladly hand over the received data as HTTP body. This is because it supports "HTTP/0.9", which is how HTTP used to work before 1.0 (1996): that's just body bytes that ends with a closed connection.

I expected the following

It should report an error if the response is not HTTP protocol compliant. I suspect this "liberal in what you accept" and treating everything as HTTP/0.9 might be surprising to users and I'm also afraid it could cause some unexpected behaviors.

HTTP/0.9 support should therefor be done opt-in. mentioned on the mailing list in July 2018 - no objections there.

curl/libcurl version

curl 7.61.1 still has it supported by default.

operating system

All

Releated

HTTP/0.9 detection was improved in #2872 after which fixing this issue should be pretty easy.
@bagder bagder added the HTTP label Aug 13, 2018
@jay
Copy link
Member

@jay jay commented Aug 13, 2018

Ref: #2420

@danielgustafsson are you working on --http0.9

@danielgustafsson
Copy link
Member

@danielgustafsson danielgustafsson commented Aug 13, 2018

@bagder bagder self-assigned this Dec 17, 2018
@bagder
Copy link
Member Author

@bagder bagder commented Dec 17, 2018

FYI: I'm grabbing this!

bagder added a commit that referenced this issue Dec 17, 2018
@bagder
http: require HTTP/0.9 to be explicitly allowed to get accepted
Verified
This commit was signed with the committer’s verified signature.
bagder Daniel Stenberg
GPG key ID: 5CC908FDB71E12C2 Learn about vigilant mode.
Loading status checks…
13067a4 
CURLOPT_HTTP09 and --http0.9 are added for this purpose.

Fixes #2873
@bagder bagder mentioned this issue Dec 17, 2018
Closed
@danielgustafsson
Copy link
Member

@danielgustafsson danielgustafsson commented Dec 17, 2018

bagder added a commit that referenced this issue Dec 19, 2018
@bagder
http: require HTTP/0.9 to be explicitly allowed to get accepted
Verified
This commit was signed with the committer’s verified signature.
bagder Daniel Stenberg
GPG key ID: 5CC908FDB71E12C2 Learn about vigilant mode.
Loading status checks…
46d616c 
CURLOPT_HTTP09 and --http0.9 are added for this purpose.

Fixes #2873
bagder added a commit that referenced this issue Dec 19, 2018
@bagder
http: added options for allowing HTTP/0.9 responses
Verified
This commit was signed with the committer’s verified signature.
bagder Daniel Stenberg
GPG key ID: 5CC908FDB71E12C2 Learn about vigilant mode.
Loading status checks…
083c7d2 
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
bagder added a commit that referenced this issue Dec 20, 2018
@bagder
http: added options for allowing HTTP/0.9 responses
Verified
This commit was signed with the committer’s verified signature.
bagder Daniel Stenberg
GPG key ID: 5CC908FDB71E12C2 Learn about vigilant mode.
Loading status checks…
b7fa892 
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
@bagder bagder closed this in 006ff62 Dec 21, 2018
@lock lock bot locked as resolved and limited conversation to collaborators Mar 21, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@bagder bagder

Labels
HTTP
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@bagder @danielgustafsson @jay